BYOD Trend Brings New Security Challenges for IT: Allowing Greater Access While Protecting Networks

Transcript of a BriefingsDirect podcast on how Dell Software is helping to bring standardized and flexible approaches to making BYOD a positive new force for enterprise productivity.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Dell Software.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions and you're listening to BriefingsDirect.

Gardner

Today, we present a sponsored podcast discussion on bringing clarity to bring your own device (BYOD) support, management, and security.

While so-called BYOD isn't necessarily new -- IT departments, after all, have been supporting mobile "road warriors" since the 1980s, the rising tide of end users seeking the use and support of their consumer devices is certainly something quite new. It’s so new that IT departments are grasping for any standard or proven approaches that make BYOD access of enterprise resources both secure and reliable.

The task is dauntingly complex, and new and unforeseen consequences of BYOD are cropping up regularly, from deluged help desk to app performance snafus to new forms of security breaches.

We're here now with a panel to explore some of the new and more-effective approaches for making BYOD both safe and controlled. Please join me in welcoming our guests, Jonathan Sander, Director of IAM Product Strategy at Dell Software. Welcome, Jonathan.

Jonathan Sander: Hi, Dana. Thanks.

Gardner: We're also here with Jane Wasson, Senior Product Marketing Manager for Mobile Security at Dell Software. Welcome, Jane.

Jane Wasson: Thanks, Dana.

Gardner: It’s good to have you both with us. As I mentioned, road warriors have been looking to their IT department to help them in the field for decades, but there just doesn’t seem to be any standard operating procedures for supporting BYOD.

You can't just buy it in a box. It’s not shrink wrapped in any way. I wonder why the means to make widespread BYOD perform well is so scattered and so uncooked. Jane, why are we at this point now? People really want a solution and they can’t get one.

Wasson: IT did a great job of supporting mobile workers with laptops and early mobile devices for quite some time, but much of that was with IT-controlled systems. IT chose the devices. They chose the software, the applications, that would run on those laptops.

What we're seeing increasingly now is that mobile workers are using their personally purchased mobile devices -- cellphones, smart phones, and tablets -- to access their e-mail, calendar, corporate e-mail, corporate calendar, and IT has been able to support that securely and very successfully for them across a wide variety devices and operating systems.

Ease and speed

What we're seeing now that’s a little bit different is increasingly those mobile workers like the ease of use and the speed at which they can get to their email and their calendar apps with those mobile devices. They now want IT to extend that so that they can get the same access to enterprise apps and resources on mobile devices that they've enjoyed on their IT controlled laptops over the years.

Wasson

That creates a new challenge for IT. All of a sudden, rather than having a controlled set of devices and a controlled environment, that they can manage, they have a variety of devices that end users have purchased. IT had no control over that choice and what’s already loaded on those devices.

They're trying to figure out, given that environment, how to securely enable access to enterprise apps and resources and give those end users that speed of access that they want and the ease of access that they want, but still maintain security.

They don't want their back-end networks infected with malware. They don't want to have rogue users finding laptops or mobile devices and being able to access enterprise systems. It’s a huge challenge for IT support groups.

Gardner: Do you have any sense of how big a wave this is? Are there numbers or data that indicate what portion of users are trying to go in the BYOD direction?

Wasson: Industry analysts are now seeing that more than 50 percent of workers are using personal mobile devices in some capacity to access those networks. Increasingly, they're asking to access not just email and calendar, but also enterprise apps and resources.

Gardner: Jonathan, as with many shifts in IT that didn’t originate with the IT department, it seems that there are some unintended consequences here. What’s happening now that we've got this tug, this pull, in the BYOD direction? What are IT folks who are tasked in making this viable finding?

Sander: There are a lot of consequences, and understanding all of them is still in process. That’s part of the problem. Of all the problems that people are going to have as a result of BYOD are TBD. One of the ones that's most apparent right away is security. The approaches that people have taken in the past to lock down anything that’s related to mobile have all centered on exactly what Jane pointed out. They were in charge of the device in some fashion. They had a foot in that door and they could use some kind of lock down.

Sander

I was sitting with someone at one of the big financial firms in New York City the other day. We asked them about their BYOD strategy and he took a humorous approach to it. He said, "Yes, we have a really well-defined BYOD strategy. As long as the device is the one we assign to you and uses the software that we approved and control all the policy on, you can bring it." I think that that’s not too uncommon.

A lot of the firms that are very security sensitive have worked it out. On the other end of the scale, I've talked to people who say that BYOD is not something that is they are doing but rather is being inflicted on them. That’s the language they put it in. It relates back to that security problem, because when they're looking at trying to understand how their data is going to be present on these devices and what impact that will have on their risk standpoint, it's almost impossible to quantify.

History of breaches

If you look at the history of breaches, even with the controlled laptops that they had, you had laptops being stolen with tons of data on them. You know what happens the first time you get one of those breaches stemming from someone leaving their cellphone in the backseat of a taxi cab? These are things that are keeping people up at the night.

Add to this that a lot of times the security approaches they have taken have all been leveraging the fact that there is a single vendor that is somehow responsible for a lot of what they do. Now, with the explosion of the variety of devices and the fact that they have no control over what their employee might purchase to bring in, that notion is simply gone. With it went any hope of a standard, at least anytime soon, to help secure and lock down the data on all these different devices.

Gardner: Another aspect of this is the diversity of the variables. There is web access, native apps, a variety of different carriers, different types of networks within those carriers, and all these different plans.

I suppose it’s difficult to have just a standard operating procedure. It seems like there have to be dozens of standard operating procedures. Is that what they're finding in the field, and how does any organization come to grips with such diversity?

How do you insert any control into that scenario at all? It gets very complex, very quickly.

Sander: You're absolutely right. Diversity, first and foremost, is the challenge. There are also a lot of other trends that are bringing more diversity into IT at the same time, and then BYOD just becomes one dimension of diversity.

You mentioned web control. If you're assuming that this is a web application that they're rolling out on their own, that's one thing. If it’s a cloud app, what happens when you have somebody using a cloud app on a BYOD device? How do you insert any control into that scenario at all? It gets very complex, very quickly.

Gardner: Let’s look at some specific types of starting points, putting in the blocking and tackling necessary to start to get a handle on this. Jane, what should companies be doing, in terms of setting up some building blocks, the means to tackle the reliability, security, and diversity?

Wasson: The good news is that being able to support remote workers is not new, because most companies already have policies in place to manage remote workers. What’s new is that, rather than the devices that are accessing the enterprise apps and resources being IT controlled, those devices are no longer IT controlled.

Very often, the policies are there. What they need to do is rethink those policies in light of a mobile worker, a mobile device, environment with so much of the same capability. You have to be able to know which devices are connecting to the network. Are those devices harboring malware that could infect your network? Are those devices locked down, so that authentication is necessary to get into your network?

There are a number of best practices that IT organizations already have in place for their managed laptop devices. The question is how to take those policies and now apply those policies to a mobile worker who's bringing their own devices.

Forced authorization

You need to find technologies basically that allow you to force authentication on those mobile users before they can access your network. You need to find technologies that can help you interrogate those mobile devices to make sure that they're not going to infect your network with anything nasty. You need to find the technologies that allow you to look at that traffic, as it’s coming onto your network, and make sure that it's not carrying malware or other problems.

Very often, IT departments have a good handle on what they need to do. It’s a question for their environment how best to integrate mobile device management technologies so that they can support these mobile workers to provide them the access they need and do it in a way that does not introduce a lot of risk to the enterprise.

Gardner: I think I heard you say that those areas that you described would fall under this category of mobile device management. If that’s the case, without going to the buzz words too deeply, what should people think of? How should they have a vision around what mobile device management should actually do?

Wasson: What mobile device management needs to do for them is what laptop device management has done for them in the past. The key things to think about there are looking at when you're actually deploying those devices. Maybe you have end users that are purchasing personal units, and maybe you don't know initially. Maybe you don't have the same level of knowledge about that unit or ways to track it.

A mobile device management platform needs to do those functions for the IT support organization across mobile operating systems.

What you can do is introduce technologies onto your network, so that when your users log into the network or authenticate onto the network, the device is queried, so that you are able to do some level of tracking of that device. You're able to potentially provide self-service portals, so that employees have the ability to download enterprise mobile applications onto that device.

You have the ability to very simply load onto those devices agents that can automatically query devices and make sure that they're configured to meet your security requirements.

There are technologies available to do mobile device management and provide that level of oversight, so that you can inventory devices. You can have a level of knowledge and management over configuration and software applications. And you do have the ability to control, at some level, the security settings on those devices. A mobile device management platform needs to do those functions for the IT support organization across mobile operating systems.

Gardner: I should imagine, Jonathan, that an organization that’s had experience with managing laptops and full clients, as well as thin clients and zero clients, would have a leg up on moving into mobile device management. Is that the case?

Sander: To Jane’s point, they should have policies in place that are going to apply here, so that in that sense they have a leg up. They definitely need the technology in place to deliver on it, and that’s on the device layer.

On the application layer, the data layer, the place where all the intellectual property (IP) for an organization sits in most cases, those layers should be -- the word "should" is tricky -- pretty well secured already. The idea is that they have already been on there on laptops, trying to get in from the outside, for a while and there should be some level of lock-down there.

Layered defense

If you have a healthy layered defense in place so that you can get the access to people outside of your walls, then your mobile access people coming in with their own devices, in a lot of cases, are just going to look like a new client on that web application.

The trick comes when you have organizations that want to take it to the next level and supply some sort of experience that is different on the mobile device. That might mean the paranoid version, where I want to make sure that the user on the mobile device has a lot less access, and I want that to be governed by the fact that they are on the mobile device. I need to take that into account. But there is also the very proactive view that you don’t have to be paranoid about it, and you can embrace it.

I worked with a large energy company that decided to embrace these devices. They decided that if they're going to use them well, they might as well squeeze some more productivity out of them. They were going to roll out apps that specifically deliver their data, but the challenge they faced then was that they then had to make sure the data were secure in those channels too.

So they had to be very specific about that, and that involved new areas of policy but also having the technology be smart enough to answer those challenges, as well, because being proactive like that means taking on some new security context, and it’s a new risk.

Gardner: Jane, I have also heard that you need to think about networks in a different way. With some relevance to the past, network containment has been something organizations have done for remote branches. They've used VPNs with the end devices, fat clients, if you will. How does network containment mature for BYOD support?

The good news is that IT departments have a lot of experience with managing networks and managing their network securely.

Wasson: The good news is that IT departments have a lot of experience with managing networks and managing their network securely. What’s different here is that now you have a mobile device that is the conduit coming into the network. Whereas in the past, folks had been using primarily laptop VPN clients, that paradigm changes a little for the mobile world. Mobile users like the convenience and the ease of being able to use mobile applications.

The challenge for IT departments is how to create a simple user experience for mobile device to access the back-end network and how to make sure that for the mobile user not only is it simple and easy, but they are authenticating to that network for security.

Also because with that mobile user it’s a personal device and they control what mobile service they are using, IT groups need to care a lot about the networks from which the user is accessing the corporate environment.

For example, you want to make sure that you're using an encrypted SSL VPN connection to go back into your corporate data centers. It needs to not only be encrypted as SSL VPN, but you also want to make sure that it's a very easy and simple experience for your mobile user.

What IT groups need to be looking for is that very simple mobile worker experience that allows you to very quickly authenticate onto the network and establish encrypted SSL VPN into the networks, so that you don't have to worry about interception on a wi-fi network or interception on a mobile service network in a public place.

Access control

The need for network access control, so that once you know that users are coming in securely, once you know they are authenticated onto the network, you can easily enable them to access the correct enterprise applications and resources that they should have privileges for.

The challenge there for IT is that you want to make sure that it’s easy for IT to provision. You want a technology that recognizes that you have mobile users coming and allows you to very easily provision those users with the privileges you want them to have on your network and make sure that they are coming in over secure networks. There are lots of implications for networks, there but there are solutions to help address that.

Gardner: Now, another way to skin this cat, I suppose, and which also makes it different with mobile devices is there is not just an on-off switch in terms of access. If you want to make security adjust to the modern environment, you need to start having a granular approach. Jonathan, how does access control over your assets and resources -- not a complete black-and-white or on-and-off -- but at a more graduated or a granular level, help with BYOD and security?

Sander: It goes back to that idea of trying to be either both paranoid or proactive about the whole BYOD sphere. When you're trying to figure out what data you want people to have access to, you're not just going to take into account some rigid set of rules based on who they are.

Context is king in a lot of cases these days, when you are trying to figure out a good approach to security.

At least most organizations are not going to do that, partially because coming up with those rules itself can be challenging, but also because a lot of times what counts most to these people are not the roles and the rules but rather context.

Context is king in a lot of cases these days, when you are trying to figure out a good approach to security. What better context to be aware of then one person sitting at a desk behind all of corporate protection accessing a system versus the same person on their tablet in a Starbucks.

These are clearly two different risk categories. If they want to get access to the same data, then you're probably going to do slightly different things to have things happen. At that Starbucks, like Jane said, you're going to have to make sure you have a very secure channel to communicate on. And you might want to ask them to do extra layers of authentication or perhaps go through an extra step of approval. Or maybe somebody on the inside needs to confirm that this person should have access to that data on the outside.

What that’s going to mean, Dana, is that you are going to have lots of different layers of security but they all need to be very well connected to one another. They need to be able to share data, share that context, and in that sharing, be able to create the right circumstance to have a secure access to whatever data is going to make the efficiency for that person be maximized. Maybe they're in the Starbucks because they are on a road trip that is incredibly important to meeting the top-line goals for your company.

It may not just be a convenience. It often sounds, when you talk about these BYOD and mobile questions, as if we're enabling somebody to be lazy. All I can say is that when I find myself on business trips, working at Starbucks is not lazy. It’s a necessity.

Not a luxury

It’s not exactly comfortable sitting there and trying to work around noise, traffic, and everything else. Typically, I'm not doing it as a luxury and I don’t think anybody else that does it is doing it that way either, in most cases. So, finding ways to enable that is a big deal.

Gardner: We could spend a whole other hour talking about the productivity benefits that come when BYOD is done correctly, but in listening to you both it occurs to me that there are positive, unintended consequences here. When you do go mobile first, with your network containment activities, with your connected security around access control, and when you've elevated management to mobile device management, you're probably an organization with better policies and with better means or security in total.

Am I off-base here, or is there a more robust level within an IT organization when they embrace BYOD in mobile and mobile first becomes really a just better way of doing IT?

Wasson: The key thing here is that end users are moving to mobile. Workers are moving to mobile because they like the speed and ease of use of the mobile environment.

IT organizations that embrace that are going to be ahead of the game of being able to secure those networks.

IT organizations that embrace that are going to be ahead of the game of being able to secure those networks, relative to organizations that don't embrace it and have mobile workers end-gaming them by using apps that are more likely to introduce malware onto the networks.

IT support organizations that provide that easy, secure access into enterprise, not just the calendar and email apps, but into the enterprise apps and resources, are more likely to have happy end users that are using secure technologies, as opposed to end-gaming IT and using technologies that introduce more risk into IT environment.

Sander: I agree that the worst consequence of not doing the mobile first is that you're going to have people end-gaming IT. You're going to have shadow IT spring up in lines of business. You're going to have smart end users simply figuring it out for themselves. Believe me, if you don’t proactively lock it down, there are lots of ways to get it as mobile devices. Those companies that do think mobile first are the ones that are going to innovate their way out of those problems.

They're the ones who are going to have the right mentality at the outset, where they formulate policy with that in mind and where they adopt technology with that in mind. You can see that happening today.

I see companies that have taken advantage of a mobile platform and tried to make sure that it is going to boost productivity. But the very first thing that happens, when they do that, is they get a huge push back from security, from the risk people, and sometimes even from executive-level folks, who are a little more conservative in a lot of cases, and tend to think in terms of the impact first. Because they want to push into that mobility mindset, that pushback forces them to think their way through all the security impacts and get over those hurdles to get what they really want.

The idea is that, if you do it well, doing good security for mobility and BYOD on the first try, getting that good security, becomes an enabler as more waves of it hit you, because you've already got it figured out. When the next line of business shows up and wants to do it seriously, you've got a good pattern there which completely discourages all of that shadow IT and other nonsense, because if you can give them good answers, and they want them.

Be an enabler

They don’t want to figure out ways around you. They want you to be an enabler. I was reading recently how security has to go from being the "department of no" to the "department of how," because a lot of times, that’s really what it boils down to. If you're simply going to say no, they're going to figure out a way around you. If you tell them how to do it in a secure fashion, they'll do that. That’s why they're asking in the first place. They want you to enable them.

Gardner: Maybe we should move beyond theory and vision into some practicality. Do we have any examples or anecdotes of organizations that have taken this plunge, embraced BYOD, perhaps with some mobile first mentality thrown in, and what are the results? What did they get?

Wasson: One potential example of this is educational institutions. Educational institutions are probably some of the earlier adopters for using mobile platforms to access their back-end systems, and yet educational institutions also are very often required by law not to make inappropriate sites and things available to students.

We've seen educational institutions deploying mobile device management platforms, and in this case our KACE K3000 Mobile Management platform with our mobile security solutions, such as our Mobile Connect application on devices, and Secure Remote appliances, enabling secure SSL VPN connection. What we're seeing is that the IT organizations have the level of control over those devices that they need.

They can still give the freedom to the end user to choose those devices, yet they have the ability to manage those devices, manage security settings on those devices, authenticate those devices before they connect to the educational institution data centers, and automatically establish encrypted secure SSL VPN.

They can still give the freedom to the end user to choose those devices, yet they have the ability to manage those devices.

They're able to query the traffic to make sure that traffic isn’t coming from or going to inappropriate sites and making sure that there's no malware on the network. And they're able to gain control and security of the mobile students, while still enabling those students to use their personal devices and the tools of their choice.

Gardner: Jonathan, any other examples from your perspective on when you do this well, how it can work?

Sander: The first one that comes to mind is a healthcare system we were working with. They were in a unique position in that they actually had a high percentage of doctor ownership. What I mean by that is that a lot of people who had an executive stake in the healthcare system were themselves doctors.

The doctors clearly wanted to use mobile devices as much as possible. They wanted to enable themselves to work on the run. They were running between hospitals. They were doing lots of different things where it's not a luxury to be on the tablet, but more of a necessity. So they challenged their IT folks to enable that.

Just as with this situation in other places, the first push back was from security. We worked with them, and the results were very similar to what Jane describes from a technology standpoint. Dell was able to supply them with mobile-device management and network controls. They had a really good single sign-on platform as well. So the doctors weren’t constantly logging in again and again and again, even though they switched context and switched devices.

Productivity gain

What they gained from that was a huge amount of productivity from the doctors. In this case, coincidentally, they gained big in the executive team’s eyes for IT, because as I mentioned, a lot of them happened to be doctors. That was a good feedback loop. As they made that constituency very happy, that also fed directly into their executive team.

In this particular case they got a double benefit, not just happy users, but happy executives. I guess it’s one of those, "I'm not just a president, but also user" type of things, where they were able to benefit twice from the same work.

Gardner: I don't think we can, in any way, expect this BYOD trend to be a flash in the pan. I think it’s going to be here for quite some time, here to stay really.

But as we look to the future, are there some developments that we should expect that would reward organizations for being proactive with the way they go at BYOD, more from a systemic and strategic and well thought-out approach rather than knee-jerk or reactive?

As smartphones have become more prevalent in the marketplace, increasingly hackers and cyber terrorists are recognizing that that’s a great new platform to go after.

I'm thinking about security and malware, whether that might be something that’s going to change in anyway? Any thoughts Jane on where the security equation might shift in the future?

Wasson: Today much of the malware is targeting PCs and laptops, but now, as smartphones have become more prevalent in the marketplace, increasingly hackers and cyber terrorists are recognizing that that’s a great new platform to go after.

We're seeing an increase development of malware to go after mobile devices as a conduit to get into back-end networks. We should absolutely expect that that’s going to continue. We're seeing a trend towards more targeted attacks. As technologies to protect are developed, it’s going to be very important to find those technologies that specifically protect from targeted attacks.

The thing that’s becoming increasingly important is to make sure that your security technologies aren't just looking at the reputation of who is trying to get into the network and protocols, but is actually looking at the actual traffic packets themselves. It's important to be able to identify those targeted attacks, advanced persistent threats, or malware that’s hidden within your traffic, because in the network at large, the presence of malware is only growing.

For mobile platforms, historically it wasn’t as big a problem. Now that we see more of them out there, they're becoming a more important target. So it’s very important for IT support organizations to get ahead of this.

They need to recognize that where they had previously focused mostly on what’s happening with PC laptop traffic, they really need to focus a lot more on making sure that they have good strategies and good policies in place also to address that mobile traffic.

Broadening reach

Gardner: We've been talking, of course, about how BYOD impacts employees and users within the enterprise. I suppose we should also broaden this out to consider that mobile commerce is going to impact supply chain, partners, and end users. Consumers will be going through mobile applications increasingly to do business with various organizations.

This, again, goes beyond just the device for the employee to the devices for all the points that connect enterprises and customers. Any thoughts on how that might evolve in the future, Jonathan?

Sander: Most everything we've talked about has been taking patterns and scripts that people are pretty familiar with from an IT security standpoint, changing a couple of the players, and running them the way that they have. It’s either your applications, as you have had them, and you are going to run the security play with mobile device as the endpoint, and you try to figure that out.

But there are also trends where we have our user base and now we are going to move our applications out into the cloud. How do we do that? One of the things that we can look to for the future of BYOD is that we need to figure out what does it mean to have BYOD devices, cloud-based applications, and almost no touch points for us to get in there.

A lot of organizations, thankfully for them, are not there yet, but they really need to be thinking about that.

All of the patterns that we are used to, all of the scripts that we follow from a security standpoint, assume at least half the conversation is a heavy touch point for us. We're going to have the ability to get in there and put the shim in, or do whatever it is that’s necessary to understand it. But if that lies mostly outside of our hands, what does that mean? How do I really get a handle on that? A lot of organizations, thankfully for them, are not there yet, but they really need to be thinking about that.

We talk about thinking mobile first. People who are thinking mobile first with their end-user community, when they are in their private planning meetings trying to figure out the next phase, need to figure out what this looks like, whether it’s a world that has IT almost completely out of the equation, but still somehow responsible for it.

Gardner: I suppose we should be thinking about mobile and cloud first from now on.

Sander: That’s where it’s going to go.

Gardner: We're running close to our time, but let’s get a little bit more on Dell’s vision, given this future track, what we're seeing in the current landscape for BYOD, and the acquisitions and the strategic move from Dell Software. Let’s hear what you have in mind in terms of how one should go about, as an IT organization, getting a better handle on this. Let’s start with you, Jonathan.

Sander: Our overall vision for security and we would definitely apply this to the BYOD sphere as well, is approaching it from a connected viewpoint. The word "connected" has a very specific context here.

You often hear talk from Dell and others about converged solutions, where essentially you bring a whole bunch of technologies into one solution, usually a box of some kind, and you deliver it as such.

Moving parts

Security is never going to look like that. Security is always going to have a lot of different moving parts, and that’s because essentially security needs to map itself to the needs of the infrastructure that you've built. That’s going to be dictated by organic growth, mergers and acquisitions, and everything in between.

We think about it as being a connected set of solutions. The focus of that is to make sure that we can deliver on all these different points that are necessary to build up the right context and the right controls, to make security meaningful in a context like BYOD, but not do it in a way that makes too many demands of the infrastructure. The way you get benefit from that is by having these connected pieces attached at the right points. You then get both the protection of going inside-out and outside-in.

Inside-out is the way you normally think about security in a lot of cases, where you build the controls for the things you are in charge of. You make sure that, as they go out into the world, they're heavily secured using all the themes you have at your disposal.

Security is always going to have a lot of different moving parts, and that’s because essentially security needs to map itself to the needs of the infrastructure that you've built.

Outside-in is the traditional bad guys trying to get into your little world scenario. We want to make sure that the connected security solutions that we deliver can do both of these things, not only protect you from any insider threats and all of the things that can crop up from the way you build your technology that you are going to use to propel the business, but also protect you from the threats from the outside as well.

Gardner: Last word to you, Jane. What would you add to what Jonathan said in terms of Dell Software’s vision for making BYOD secure?

Wasson: The good news is that our vision basically supports IT in helping to enable the mobile worker to get that simple, secure, fast access to enterprise apps and resources. The way that we are doing this is by providing mobile-friendly technologies, IT friendly technologies, that give both the ease of use and simplicity that mobile users need.

For example, our Mobile Connect App acts both as a VPN client and also a policy-enforced network access control app client, so that you have that simple one click access into the corporate data center that is secured by encrypted SSL VPN, with our Secure Remote Access appliances.

You also have the support for IT to reduce complexity, because we make it very easy to create those policies, automatically enforce those policies, and implement network access control and security throughout the network.

Gardner: Well, great. I'm afraid we'll have to leave it there. You've been listening to a sponsored BriefingsDirect podcast discussion on bringing clarity to BYOD support, management, and security. And we have seen how IT departments are grasping for any proven or standardized approach that makes BYOD access of resources secure and reliable.

And we've learned how Dell Software is helping to bring standardized and flexible approaches to making BYOD and perhaps mobile first a positive new force to enterprise productivity.

So thanks to our guests for joining. We've been here with Jonathan Sander, the Director of IAM Product Strategy at Dell Software. Thanks so much, Jonathan.

Sander: Thank you, Dana.

Gardner: And thank you also to Jane Wasson, the Senior Product Marketing Manager for Mobile Security at Dell Software. Thanks, Jane.

Wasson: Thanks, Dana.

Gardner: This is Dana Gardner, Principal Analyst at Interarbor Solutions. Thanks also to our audience for joining us, and don’t forget to come back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Dell Software

Transcript of a BriefingsDirect podcast on how Dell Software is helping to bring standardized and flexible approaches to making BYOD a positive new force for enterprise productivity. Copyright Interarbor Solutions, LLC, 2005-2013. All rights reserved.

You may also be interested in:

• Dell updates virtualization suite, makes VMware support a priority
• Want a Data-Driven Culture? Start Sorting Out the BI and Big Data Myths Now
• Data complexity forces need for agnostic tool chain approach for information management, says Dell Software executive
• Dell's Foglight for Virtualization update extends visibility and management control across more infrastructure
• For Dell's Quest Software, BYOD Puts Users First and with IT's Blessing
• Dell survey highlights importance of putting users before devices when developing BYOD strategies
• New Levels of Automation and Precision Needed to Optimize Backup and Recovery in Virtualized Environments

Want a Data-Driven Culture? Start Sorting Out the BI and Big Data Myths Now

Transcript of a BriefingsDirect podcast on current misconceptions about big data and how organizations should best approach a big-data project.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Dell Software.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions and you're listening to BriefingsDirect.

Gardner

Today, we present a sponsored podcast discussion on debunking some major myths around big data. It used to be that data was the refuse of business applications, a necessary cleanup chore for audit and compliance sake.

But now, as analytics grow in importance for better running businesses and in knowing and predicting dynamic market trends and customer wants in real-time, data itself has become the killer application.

As the volumes and types of value data are brought to bear on business analytics, the means to manage and exploit that sea of data has changed rapidly, too. But that doesn't mean that the so-called big data is beyond the scale of mere business mortals or too costly or complex for mid-size companies to master.

So we're here to pose some questions -- many of them the stuff of myth -- and then find better answers to why making data and big data the progeny of innovative insight is critical for more companies.

To help identify and debunk the myths around big data so that you can enjoy the value of those analytics better, please join me in welcoming our guest, Darin Bartik, Executive Director of Products in the Information Management Group at Dell Software. Welcome, Darin. [Disclosure: Dell is a sponsor of BriefingsDirect podcasts.]

Darin Bartik: Thanks, Dana. Good to be with you.

Gardner: We seem to be at an elevated level of hype around big data. I guess a good thing about that is it’s a hot topic and it’s of more interest to more people nowadays, but we seem to have veered away from the practical and maybe even the impactful. Are people losing sight of the business value by getting lost in speeds and feeds and technical jargon? Is there some sort of a disconnect between the providers and consumers of big data?

Bartik: I'm sure we're going to get into a couple of different areas today, but you hit the nail on the head with the first question.  We are experiencing a disconnect between the technical side of big data and the business value of big data, and that’s happening because we’re digging too deeply into the technology.

Bartik

With a term like big data, or any one of the trends that the information technology industry talks about so much, we tend to think about the technical side of it. But with analytics, with the whole conversation around big data, what we've been stressing with many of our customers is that it starts with a business discussion. It starts with the questions that you're trying to answer about the business; not the technology, the tools, or the architecture of solving those problems. It has to start with the business discussion.

That’s a pretty big flip. The traditional approach to business intelligence (BI) and reporting has been one of technology frameworks and a lot of things that were owned more by the IT group. This is part of the reason why a lot of the BI projects of the past struggled, because there was a disconnect between the business goals and the IT methods.

So you're right. There has been a disconnect, and that’s what I've been trying to talk a lot about with customers -- how to refocus on the business issues you need to think about, especially in the mid-market, where you maybe don’t have as many resources at hand. It can be pretty confusing.

Part of the hype cycle

The other thing you asked is, “Are vendors confusing people?" Without disparaging the vendors like us, or anyone else, that’s part of the problem of any hype cycle. Many people jumped on the bandwagon of big data. Just like everyone was talking cloud. Everyone was talking virtualization, bring your own device (BYOD), and so forth.

Everyone jumps on these big trends. So it's very confusing for customers, because there are many different ways to come at the problem. This is why I keep bringing people back to staying focused on what the real opportunity is. It’s a business opportunity, not a technical problem or a technical challenge that we start with.

Gardner: Right. We don’t want to lose the track of the ends because the means seem to be so daunting. We want to keep our focus on the ends and then find the means. Before we go into our myths, tell me a little bit, Darin, about your background and how you came to be at Dell.

Bartik: I've been a part of Dell Software since the acquisition of Quest Software. I was a part of that organization for close to 10 years. I've been in technology coming up on 20 years now. I spent a lot of time in enterprise resource planning (ERP), supply chain, and monitoring, performance management, and infrastructure management, especially on the Microsoft side of the world.

Most recently, as part of Quest, I was running the database management area -- a business very well-known for its products around Oracle, especially Toad, as well as our SQL Server management capabilities. We leveraged that expertise when we started to evolve into BI and analytics.

I started working with Hadoop back in 2008-2009, when it was still very foreign to most people. When Dell acquired Quest, I came in and had the opportunity to take over the Products Group in the ever-expanding world of information management. We're part of the Dell Software Group, which is a big piece of the strategy for Dell over all, and I'm excited to be here.

It’s not a size issue. It's really a trend that has happened as a result of digitizing so much more of the information that we all have already.

Gardner: Great. Even the name "big data" stirs up myths right from the get-go, with "big" being a very relative term. Should we only be concerned about this when we have more data than we can manage? What is the relative position of big data and what are some of the myths around the size issue?

Bartik: That’s the perfect one to start with. The first word in the definition is actually part of the problem. "Big." What does big mean? Is there a certain threshold of petabytes that you have to get to? Or, if you're dealing with petabytes, is it not a problem until you get to exabytes? 

It’s not a size issue. When I think about big data, it's really a trend that has happened as a result of digitizing so much more of the information that we all have already and that we all produce. Machine data, sensor data, all the social media activities, and mobile devices are all contributing to the proliferation of data.

It's added a lot more data to our universe, but the real opportunity is to look for small elements of small datasets and look for combinations and patterns within the data that help answer those business questions that I was referencing earlier.

It's not necessarily a scale issue. What is a scale issue is when you get into some of the more complicated analytical processes and you need a certain data volume to make it statistically relevant. But what customers first want to think about is the business problems that they have. Then, they have to think about the datasets that they need in order to address those problems.

Big-data challenge

That may not be huge data volumes. You mentioned mid-market earlier. When we think about some organizations moving from gigabytes to terabytes, or doubling data volumes, that’s a big data challenge in and of itself.

Analyzing big data won't necessarily contribute to your solving your business problems if you're not starting with the right questions. If you're just trying to store more data, that’s not really the problem that we have at hand. That’s something that we can all do quite well with current storage architectures and the evolving landscape of hardware that we have.

We all know that we have growing data, but the exact size, the exact threshold that we may cross, that’s not the relevant issue.

Gardner: I suppose this requires prioritization, which has to come from the business side of the house. As you point out, some statistically relevant data might be enough. If you can extrapolate and you have enough to do that, fine, but there might be other areas where you actually want to get every little bit of possible data or information relevant, because you don't know what you're looking for. They are the unknown unknowns. Perhaps there's some mythology about all data. It seems to me that what’s important is the right data to accomplish what it is the business wants.

Bartik: Absolutely. If your business challenge is an operational efficiency or a cost problem, where you have too much cost in the business and you're trying to pull out operational expense and not spend as much on capital expense, you can look at your operational data.

There's a lot of variability and prioritization that all starts with that business issue that you're trying to address.

Maybe manufacturers are able to do that and analyze all of the sensor, machine, manufacturing line, and operational data. That's a very different type of data and a very different type of approach than looking at it in terms of sales and marketing.

If you're a retailer looking for a new set of customers or new markets to enter in terms of geographies, you're going to want to look at maybe census data and buying-behavior data of the different geographies. Maybe you want datasets that are outside your organization entirely. You may not have the data in your hands today. You may have to pull it in from outside resources. So there's a lot of variability and prioritization that all starts with that business issue that you're trying to address.

Gardner: Perhaps it's better for the business to identify the important data, rather than the IT people saying it’s too big or that big means we need to do something different. It seems like a business term rather than a tech term at this point.

Bartik: I agree with you. The more we can focus on bringing business and IT to the table together to tackle this challenge, the better. And it does start with the executive management in the organization trying to think about things from that business perspective, rather than starting with the IT infrastructure management team. 

Gardner: What’s our second myth?

Bartik: I'd think about the idea of people and the skills needed to address this concept of big data. There is the term "data scientist" that has been thrown out all over the place lately. There’s a lot of discussion about how you need a data scientist to tackle big data. But “big data” isn't necessarily the way you should think about what you’re trying to accomplish. Instead, think about things in terms of being more data driven, and in terms of getting the data you need to address the business challenges that you have. That’s not always going to require the skills of a data scientist.

Data scientists rare

I suspect that a lot of organizations would be happy to hear something like that, because data scientists are very rare today, and they're very expensive, because they are rare. Only certain geographies and certain industries have groomed the true data scientist. That's a unique blend between a data engineer and someone like an applied scientist, who can think quite differently than just a traditional BI developer or BI programmer.

Don’t get stuck on thinking that, in order to take on a data-driven approach, you have to go out and hire a data scientist. There are other ways to tackle it. That’s where you're going to combine people who can do the programming around your information, around the data management principles, and the people who can ask and answer the open-minded business questions. It doesn’t all have to be encapsulated into that one magical person that’s known now as the data scientist.

Gardner: So rather than thinking we need to push the data and analytics and the ability to visualize and access this through a small keyhole, which would be those scientists, the PhDs, the white lab coats, perhaps there are better ways now to make those visualizations and allow people to craft their own questions against the datasets. That opens the door to more types of people being able to do more types of things. Does that sum it up a bit?

Bartik: I agree with that. There are varying degrees of tackling this problem. You can get into very sophisticated algorithms and computations for which a data scientist may be the one to do that heavy lifting. But for many organizations and customers that we talk to everyday, it’s something where they're taking on their first project and they are just starting to figure out how to address this opportunity.

For that, you can use a lot of the people that you have inside your organization, as well potentially consultants that can just help you break through some of the old barriers, such as thinking about intelligence, based strictly on a report and a structured dashboard format.

Often a combination of programming and some open-minded thinking, done with a  team-oriented approach, rather than that single keyhole person, is more than enough to accomplish your objectives.

That’s not the type of approach we want to take nowadays. So often a combination of programming and some open-minded thinking, done with a  team-oriented approach, rather than that single keyhole person, is more than enough to accomplish your objectives.

Gardner: It seems also that you're identifying confusion on the part of some to equate big data with BI and BI with big data. The data is a resource that the BI can use to offer certain values, but big data can be applied to doing a variety of other things. Perhaps we need to have a sub-debunking within this myth, and that is that big data and BI are different. How would you define them and separate them?

Bartik: That's a common myth. If you think about BI in its traditional, generic sense, it’s about gaining more intelligence about the business, which is still the primary benefit of the opportunity this trend of big data presents to us. Today, I think they're distinct, but over time, they will come together and become synonymous.

I equate it back to one of the more recent trends that came right before big data, cloud. In the beginning, most people thought cloud was the public-cloud concept. What’s turned out to be true is that it’s more of a private cloud or a hybrid cloud, where not everything moved from an on-premise traditional model, to a highly scalable, highly elastic public cloud. It’s very much a mix.

They've kind of come together. So while cloud and traditional data centers are the new infrastructure, it’s all still infrastructure. The same is true for big data and BI, where BI, in the general sense of how can we gain intelligence and make smarter decisions about our business, will include the concept of big data.

Better decisions

So while we'll be using new technologies, which would include Hadoop, predictive analytics, and other things that have been driven so much faster by the trend of big data, we’ll still be working back to that general purpose of making better decisions.

One of the reasons they're still different today is because we’re still breaking some of the traditional mythology and beliefs around BI -- that BI is all about standard reports and standard dashboards, driven by IT. But over time, as people think about business questions first, instead of thinking about standard reports and standard dashboards first, you’ll see that convergence.

Gardner: We probably need to start thinking about BI in terms of a wider audience, because all the studies I've seen don't show all that much confidence and satisfaction in the way BI delivers the analytics or the insights that people are looking for. So I suppose it's a work in progress when it comes to BI as well.

Bartik: Two points on that. There has been a lot of disappointment around BI projects in the past. They've taken too long, for one. They've never really been finished, which of course, is a problem. And for many of the business users who depend on the output of BI -- their reports, their dashboard, their access to data -- it hasn’t answered the questions in the way that they may want it to.

One of the things in front of us today is a way of thinking about it differently. Not only is there so much data, and so much opportunity now to look at that data in different ways, but there is also a requirement to look at it faster and to make decisions faster. So it really does break the old way of thinking.

People are trying to make decisions about moving the business forward, and they're being forced to do it faster.

Slowness is unacceptable. Standard reports don't come close to addressing the opportunity in front us, which is to ask a business question and answer it with the new way of thinking supported by pulling together different datasets. That’s fundamentally different from the way we used to do it.

People are trying to make decisions about moving the business forward, and they're being forced to do it faster. Historical reporting just doesn't cut it. It’s not enough. They need something that’s much closer to real time. It’s more important to think about open-ended questions, rather than just say, "What revenue did I make last month, and what products made that up?" There are new opportunities to go beyond that.

Gardner: I suppose it also requires more discipline in keeping your eye on the ends, rather than getting lost in the means. That also is a segue to our next myth, which is, if I have the technology to do big data, then I'm doing big data, and therefore I'm done.

Bartik: Just last week, I was meeting with a customer and they said, "Okay, we have our Hadoop cluster set up and we've loaded about 10 terabytes of sample data into this Hadoop cluster. So we've started our big data project."

When I hear something like that, I always ask, "What question are you trying to answer? Why did you load that data in there? Why did you start with Hadoop? Why did you do all this?" People are starting with the technology first too often. They're not starting with the questions and the business problems first.

Not the endgame

You said as far as making sure that you keep your eye on the endgame, the endgame is not to spin up a new technology, or to try a new tool. Hadoop has been one of those things where people have started to use that and they think that they're off and running on a big-data project. It can be part of it, but it isn't where you want to start, and it isn’t the endgame.

The endgame is solving the business problem that you're out there trying to address. It’s either lowering costs inside the business, or it’s finding a new market, figuring out why this customer set loves our products and why some other customer set doesn’t. Answering those questions is the endgame, not starting a new technology initiative.

Gardner: When it comes to these technology issues, do you also find, Darin, that there is a lack of creativity as to where the data and information resides or exists and thinking not so much about being able to run it, but rather acquire it? Is there a dissonance between the data I have and the data I need. How are people addressing that?

Bartik: There is and there isn’t. When we look at the data that we have, that’s oftentimes a great way to start a project like this, because you can get going faster and it’s data that you understand. But if you think that you have to get data from outside the organization, or you have to get new datasets in order to answer the question that’s in front of us, then, again, you're going in with a predisposition to a myth.

You can start with data that you already have. You just may not have been looking at the data that you already have in the way that’s required to answer the question in front of you. Or you may not have been looking at it all. You may have just been storing it, but not doing anything with it.

Storing data doesn’t help you answer questions. Analyzing it does.

Storing data doesn’t help you answer questions. Analyzing it does. It seems kind of simple, but so many people think that big data is a storage problem. I would argue it's not about the storage. It’s like backup and recovery. Backing up data is not that important, until you need to recover it. Recovery is really the game changing thing.

Gardner: It’s interesting that with these myths, people have tended, over the years, without having the resources at hand,  to shoot from the hip and second-guess. People who are good at that and businesses that have been successful have depended on some luck and intuition. In order to take advantage of big data, which should lead you to not having to make educated guesses, but to have really clear evidence, you can apply the same principle. It's more how you get big data in place, than how you would use the fruits of big data.

It seems like a cultural shift we have to make. Let’s not jump to conclusions. Let’s get the right information and find out where the data takes us.

Bartik: You've hit on one of the biggest things that’s in front of us over the next three to five years -- the cultural shift that the big data concept introduces.

We looked at traditional BI as more of an IT function, where we were reporting back to the business. The business told us exactly what they wanted, and we tried to give that to them from the IT side of the fence.

Data-driven organization

But being successful today is less about intuition and more about being a data-driven organization, and, for that to happen, I can't stress this one enough, you need executives who are ready to make decisions based on data, even if the data may be counter intuitive to what their gut says and what their 25 years of experience have told them.

They're in a position of being an executive primarily because they have a lot of experience and have had a lot of success. But many of our markets are changing so frequently and so fast, because of new customer patterns and behaviors, because of new ways of customers interacting with us via different devices. Just think of the different ways that the markets are changing. So much of that historical precedence no longer really matters. You have to look at the data that’s in front of us.

Because things are moving so much faster now, new markets are being penetrated and new regions are open to us. We're so much more of a global economy. Things move so much faster than they used to. If you're depending on gut feeling, you'll be wrong more often than you'll be right. You do have to depend on as much of a data-driven decision as you can. The only way to do that is to rethink the way you're using data.

Historical reports that tell you what happened 30 days ago don't help you make a decision about what's coming out next month, given that your competition just introduced a new product today. It's just a different mindset. So that cultural shift of being data-driven and going out and using data to answer questions, rather than using data to support your gut feeling, is a very big shift that many organizations are going to have to adapt to.

Executives who get that and drive it down into the organization, those are the executives and the teams that will succeed with big data initiatives, as opposed to those that have to do it from the bottom up.

It's fair to say that big data is not just a trend; it's a reality. And it's an opportunity for most organizations that want to take advantage of it.

Gardner: Listening to you Darin, I can tell one thing that isn’t a product of hype is just how important this all is. Getting big data right, doing that cultural shift, recognizing trends based on the evidence and in real-time as much as possible is really fundamental to how well many businesses will succeed or not.

So it's not hype to say that big data is going to be a part of your future and it's important. Let's move towards how you would start to implement or change or rethink things, so that you can not fall prey to these myths, but actually take advantage of the technologies, the reduction in costs for many of the infrastructures, and perhaps extend and exploit BI and big data problems.

Bartik: It's fair to say that big data is not just a trend; it's a reality. And it's an opportunity for most organizations that want to take advantage of it. It will be a part of your future. It's either going to be part of your future, or it's going to be a part of your competition’s future, and you're going to be struggling as a result of not taking advantage of it.

The first step that I would recommend -- I've said it a few times already, but I don't think it can't be said too often -- is pick a project that's going to address a business issue that you've been unable to address in the past.

What are the questions that you need to ask and answer about your business that will really move you forward?" Not just, "What data do we want to look at?" That's not the question.

What business issue?

The question is what business issue do we have in front of us that will take us forward the fastest? Is it reducing costs? Is it penetrating a new regional market? Is it penetrating a new vertical industry, or evolving into a new customer set?

These are the kind of questions we need to ask and the dialogue that we need to have. Then let's take the next step, which is getting data and thinking about the team to analyze  it and the technologies to deploy. But that's the first step – deciding what we want to do as a business.

That sets you up for that cultural shift as well. If you start at the technology layer, if you start at the level of let's deploy Hadoop or some type of new technology that may be relevant to the equation, you're starting backwards. Many people do it, because it's easier to do that than it is to start an executive conversation and to start down the path of changing some cultural behavior. But it doesn’t necessarily set you up for success.

Gardner: It sounds as if you know you're going on a road trip and you get yourself a Ferrari, but you haven't really decided where you're going to go yet, so you didn’t know that you actually needed a Ferrari.

Bartik: Yeah. And it's not easy to get a tent inside a Ferrari. So you have to decide where you're going first. It's a very good analogy.

Get smart by going to your peers and going to your industry influencer groups and learning more about how to approach this.

Gardner: What are some of the other ways when it comes to the landscape out there? There are vendors who claim to have it all, everything you need for this sort of thing. It strikes me that this is more of an early period and that you would want to look at a best-of-breed approach or an ecosystem approach.

So are there any words of wisdom in terms of how to think about the assets, tools, approaches, platforms, what have you, or not to limit yourself in a certain way?

Bartik: There are countless vendors that are talking about big data and offering different technology approaches today. Based on the type of questions that you're trying to answer, whether it's more of an operational issue, a sales market issue, HR, or something else, there are going to be different directions that you can go in, in terms of the approaches and the technologies used.

I encourage the executives, both on the line-of-business side as well as the IT side, to go to some of the events that are the "un-conferences," where we talk about the big-data approach and the technologies. Go to the other events in your industry where they're talking about this and learn what your peers are doing. Learn from some of the mistakes that they've been making or some of the successes that they've been having.

There's a lot of success happening around this trend. Some people certainly are falling into the pitfalls, but get smart by going to your peers and going to your industry influencer groups and learning more about how to approach this.

Technical approaches

There are technical approaches that you can take. There are different ways of storing your data. There are different ways of computing and processing your data. Then, of course, there are different analytical approaches that get more to the open-ended investigation of data. There are many tools and many products out there that can help you do that.

Dell has certainly gone down this road and is investing quite heavily in this area, with both structured and unstructured data analysis, as well as the storage of that data. We're happy to engage in those conversations as well, but there are a lot of resources out there that really help companies understand and figure out how to attack this problem.

Gardner: In the past, with many of the technology shifts, we've seen a tension and a need for decision around best-of-breed versus black box, or open versus entirely turnkey, and I'm sure that's going to continue for some time.

But one of the easier ways or best ways to understand how to approach some of those issues is through some examples. Do we have any use cases or examples that you're aware of, of actual organizations that have had some of these problems? What have they put in place, and what has worked for them?

There are a lot of resources out there that really help companies understand and figure out how to attack this problem.

Bartik: I'll give you a couple of examples from two very different types of organizations, neither of which are huge organizations. The first one is a retail organization, Guess Jeans. The business issue they were tackling was, “How do we get more sales in our retail stores? How do we get each individual that's coming into our store to purchase more?”

We sat down and started thinking about the problem. We asked what data would we need to understand what’s happening? We needed data that helps us understand the buyer’s behavior once they come into the store. We don't need data about what they are doing outside the store necessarily, so let's look specifically at behaviors that take place once they get into the store.

We helped them capture and analyze video monitoring information. Basically it followed each of the people in the store and geospatial locations inside the store, based on their behavior. We tracked that data and then we compared against questions like did they buy, what did they buy, and how much did they buy. We were able to help them determine that if you get the customer into a dressing room, you're going to be about 50 percent more likely to close transactions with them.

So rather than trying to give incentives to come into the store or give discounts once they get into the store, they moved towards helping the store clerks, the people who ran the store and interacted with the customers, focus on getting those customers into a dressing room. That itself is a very different answer than what they might have thought of at first. It seems easy after you think about it, but it really did make a significant business impact for them in rather short order.

Now, they're also thinking about other business challenges that they have and other ways of analyzing data and other datasets, based on different business challenges, but that’s one example.

Another example is on the higher education side. In universities, one of the biggest challenges is having students drop out or reduce their class load. The fewer classes they take, or if they dropout entirely, it obviously goes right to the top and bottom line of the organization, because it reduces tuition, as well as the other extraneous expenses that students incur at the university.

Finding indicators

The University of Kentucky went on an effort to reduce students dropping out of classes or dropping entirely out of school. They looked at a series of datasets, such as demographic data, class data, the grades that they were receiving, what their attendance rates were, and so forth. They analyzed many different data points to determine the indicators of a future drop out.

Now, just raising the student retention rate by one percent would in turn mean about $1 million of top-line revenue to the university. So this was pretty important. And in the end, they were able to narrow it down to a couple of variables that strongly indicated which students were at risk, such that they could then proactively intervene with those students to help them succeed.

The key is that they started with a very specific problem. They started it from the university's core mission: to make sure that the students stayed in school and got the best education, and that's what they are trying to do with their initiative. It turned out well for them.

These were very different organizations or business types, in two very different verticals, and again, neither are huge organizations that have seas of data. But what they did are much more manageable and much more tangible examples  many of us can kind of apply to our own businesses.

Gardner: Those really demonstrate how asking the right questions is so important.

What we have today is a set of capabilities that help customers take more of a data-type agnostic view and a vendor agnostic view to the way they're approaching data and managing data.

Darin, we're almost out of time, but I did want to see if we could develop a little bit more insight into the Dell Software road map. Are there some directions that you can discuss that would indicate how organizations can better approach these problems and develop some of these innovative insights in business?

Bartik: A couple of things. We've been in the business of data management, database management, and managing the infrastructure around data for well over a decade. Dell has assembled a group of companies, as well as a lot of organic development, based on their expertise in the data center for years. What we have today is a set of capabilities that help customers take more of a data-type agnostic view and a vendor agnostic view to the way they're approaching data and managing data.

You may have 15 tools around BI. You may have tools to look at your Oracle data, maybe new sets of unstructured data, and so forth. And you have different infrastructure environments set up to house that data and manage it. But the problem is that it's not helping you bring the data together and cross boundaries across data types and vendor toolset types, and that's the challenge that we're trying to help address.

We've introduced tools to help bring data together from any database, regardless of where it may be sitting, whether it's a data warehouse, a traditional database, a new type of database such as Hadoop, or some other type of unstructured data store.

We want to bring that data together and then analyze it. Whether you're looking at more of a traditional structured-data approach and you're exploring data and visualizing datasets that many people may be working with, or doing some of the more advanced things around unstructured data and looking for patterns, we’re focused on giving you the ability to pull data from anywhere.

Using new technologies

We're investing very heavily, Dana, into the Hadoop framework to help customers do a couple of key things. One is helping the people that own data today, the database administrators, data analysts, the people that are the stewards of data inside of IT, advance their skills to start using some of these new technologies, including Hadoop.

It's been something that we have done for a very long time, making your C players B players, and your B players A players. We want to continue to do that, leverage their existing experience with structured data, and move them over into the unstructured data world as well.

The other thing is that we're helping customers manage data in a much more pragmatic way. So if they are starting to use data that is in the cloud, via Salesforce.com or Taleo, but they also have data on-prem sitting in traditional data stores, how do we integrate that data without completely changing their infrastructure requirements? With capabilities that Dell Software has today, we can help integrate data no matter where it sits and then analyze it based on that business problem.

We help customers approach it more from a pragmatic view, where you're  taking a stepwise approach. We don't expect customers to pull out their entire BI and data-management infrastructure and rewrite it from scratch on day one. That's not practical. It's not something we would recommend. Take a stepwise approach. Maybe change the way you're integrating data. Change the way you're storing data. Change, in some perspective, the way you're analyzing data between IT and the business, and have those teams collaborate.

But you don't have to do it all at one time. Take that stepwise approach.

But you don't have to do it all at one time. Take that stepwise approach. Tackle it from the business problems that you're trying to address, not just the new technologies we have in front of us.

There's much more to come from Dell in the information management space. It will be very interesting for us and  for our customers to tackle this problem together. We're excited to make it happen.

Gardner: Well, great. I'm afraid we'll have to leave it there. We've been listening to a sponsored BriefingsDirect podcast discussion on debunking some major myths around big data use and value. We've seen how big data is not necessarily limited by scale and that the issues around  it don't always have to supersede the end for your business goals.

We've also learned more about levels of automation and how Dell is going to be approaching the market. So I appreciate that. With that, we'll have to end it and thank our guest.

We've been here with Darin Bartik, Executive Director of Products in the Information Management Group at Dell Software. Thanks so much, Darin.

Bartik: Thank you, Dana, I appreciate it.

Gardner: This is Dana Gardner, Principal Analyst at Interarbor Solutions. Thanks also to our audience for joining and listening, and don't forget to come back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Dell Software.

Transcript of a BriefingsDirect podcast on current misconceptions about big data and how organizations should best approach a big-data project.  Copyright Interarbor Solutions, LLC, 2005-2013. All rights reserved.

You may also be interested in:

• Data complexity forces need for agnostic tool chain approach for information management, says Dell Software executive
• Dell's Foglight for Virtualization update extends visibility and management control across more infrastructure
• For Dell's Quest Software, BYOD Puts Users First and with IT's Blessing
• Dell survey highlights importance of putting users before devices when developing BYOD strategies
• New Levels of Automation and Precision Needed to Optimize Backup and Recovery in Virtualized Environments
• Data explosion and big data demand new strategies for data management, backup and recovery, say experts