
Friday, June 03, 2016

Catbird CTO on Why New Security Models are Essential for Highly Virtualized Data Centers

Transcript of a BriefingsDirect discussion on how increased virtualization across data centers translates into the need for new approaches to security, compliance, and governance.

Listen to the podcast. Find it on iTunes. Get the mobile app. Download the transcript. Sponsor: Hewlett Packard Enterprise.

Dana Gardner: Hello, and welcome to the next edition of the Hewlett Packard Enterprise (HPE) Voice of the Customer interview series. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator for this ongoing discussion on IT transformation and innovation -- and how that's making an impact on people's lives.

Our next hybrid-computing case study discussion explores how increased virtualization across data centers translates into the need for new approaches to security, compliance, and governance. Just as next-generation data centers and private clouds are gaining traction, security threats are on the rise -- and attack techniques are becoming more sophisticated.

Are yesterday’s perimeter-based security infrastructure methods up to the task? Or are new approaches needed to gain policy-based control over all virtual assets at all times?

Here to explore the future of security for virtual workloads is Holland Barry, CTO at Catbird in Scotts Valley, California. Welcome, Holland.

Holland Barry: Thank you. Good to be here.
Gardner: Tell us why it’s a different picture nowadays when we look at data centers and private clouds. Oftentimes, people think similarly about security -- just wrap a firewall around it and you're okay. Why isn’t that the case? What’s new?

Barry: As we've introduced many layers of abstraction into the data center, trying to adapt those physical appliances that don’t move around as fluidly as the workloads they're protecting, it has become an issue. And as people virtualize more and we go more to this notion of a software-defined data center (SDDC), it has just proven a challenge to keep up, and we know that that layer on the perimeter is probably not sufficient anymore.

Gardner: It also strikes me that it’s a moving target, virtual workloads come and go. You want elasticity. You want to be able to have fit-for-purpose infrastructure, but that's also a challenge when you can’t keep track of things and therefore secure them. 

Barry: That’s absolutely right. The transient nature of workloads themselves makes any type of rigid enforcement from a single device pretty tough to deal with. So you need something that was built to be fluid alongside those dynamic workloads.

Gardner: And I suppose, too, that enterprise architects that are putting more virtualization together across the data center, the SDDC, aren’t always culturally aligned with the security folks. So you have more than just a technology issue here. Tell us what Catbird does that goes beyond just the technology, and perhaps works toward a cultural and organizational benefit?

Greater skill set

Barry: Even just from an interface standpoint or trying to create a tool that can cater to those different administrative silos, you have people who have virtualization expertise, compute expertise, and then different security practice expertise. There are many swim lanes within that security category, and the next generation set of workloads in the hybrid IT environment is going to demand more of a skill set that can span all those domains.

Gardner: We talk a lot about DevOps and SecOps combining. There's also this need for automation and orchestration. So policy-based seems to be really the only option to keep up with the speed on security. 

Barry: That’s exactly right. There has to be an application-centric approach to how you're applying security to your workloads. Ideally that would be something that could be templatized or defined up front. So as new workloads present themselves in the network, there's already a predetermined way that they're going to be secured and that security will take place right up against the edge of that workload.

Gardner: Holland, tell us about Catbird, what you do, how you're deployed, and how you go about solving some of these challenges.

Barry: Catbird was born and raised in virtualized environments. We've been around for a number of years. It was this notion of bringing the perimeter and the control landscape closer to the workload, and that’s via hypervisor integration and also via the virtual data-path integration. So it's having a couple of different vantage points from within the fabric and applying security with a purpose-built solution that can span multiple platforms.

So that hybrid IT environment, which is becoming a reality, may have a little bit of OpenStack, it may have a little bit of VMware. Having that single point of policy definition and enforcement is going to be critical to people adopting and really taking the next leap to put a layer of defense in their data center.

Gardner: How are you deployed, you are a software appliance yourself, virtualized software?

Barry: Exactly right. Our solutions are comprised of two components, and it’s a very basic hub-and-spoke architecture. We have a policy enforcement point, a virtual machine (VM) appliance that installs out on each hypervisor, and we have a management node that we call the Control Center. That’s another VM, and those two components talk together in a secure manner. 

Gardner: What’s a typical scenario? Where in this type of east-west traffic virtualization environment does security work better, and how does it protect? Are there some examples that would demonstrate where the perimeter approach breaks down but your model got the task done?

Doing enforcement

Barry: I think that anytime that you need to have the granularity of not only visibility, but enforcement -- I'm going to get a little technical here -- down to the UUID of the vNIC, that smallest unit of measure as it relates to a workload, that’s really where we shine, because that’s where we do our enforcement. 

Gardner: Okay. How about partnerships? Obviously you're working in an environment where there are a lot of different technologies, lots of moving parts. What’s going on with you and HPE in terms of deployment, working with private cloud, operating systems, and then perhaps even moving toward modeling and some of the HPE ArcSight technology?

Barry: We have a number of different integration points inside HPE’s portfolio. We're a Helion-ready certified partner. We just announced our support for the 2.0 Helion OpenStack release.
We're doing a lot of work with the ArcSight team in terms of getting very detailed event feeds and visibility into the virtualized workloads.

And we just announced some work that we are doing with HPE’s HPN team around their software-defined networking (SDN) VAN Controller as well, extending Catbird’s east-west visibility into the physical domain, leveraging the placement of the SDN controller and its command over the switches. So it’s pretty exciting work there.

Gardner: Let’s dig into that a bit, the (SDN) advances that are going on and how that’s changing how people think about deployment and management of infrastructure and data centers. Doesn’t this really give you some significant boost in the way that you can engage with security, intercept and stop issues before they propagate? What is it about SDN that is good for security?

Barry: As the edges of what has traditionally been rigid network boundaries become fluid as well, knowing the state of the network, knowing the state of the workload, is going to be critical to applying those traditional security controls. So we're really trying to tie all this together -- not only with our integration with Helion, but also utilizing the knowledge that the SDN Controller has of the data path. We can surface indications of compromise and maybe get you to a problem a little bit quicker than traditional methods.

Gardner: I always like to try to show and not just tell. Do you have any examples of organizations that are doing this, what it has done for them, and why it’s a path to even greater future benefits as they further virtualize and go to even larger hybrid environments?

Barry: Absolutely. I can’t name them by name, but one of the US’ largest carrier telcos is one of our customers. They came to us to solve a problem of that consistency of policy definition and enforcement across those hybrid platforms. So it’s amongst VMware and OpenStack workloads.

That's not only for the application of the security controls and not only for the visibility of the traffic, but also the evidence of assurance of compliance, being able to do mapping back to regulatory frameworks and things like that.

Agentless fashion

There are a couple of different use cases in there, but it’s really that notion where I can do it in an agentless fashion, and I think that’s an important thing to differentiate and point out about our solution. You don’t have to install an agent within the workload. We don’t require a presence inside the OS.

We're doing it just outside of the workload, at the hypervisor level. It’s key that we have the specific tailored integrations to the different hypervisor platforms, so we can abstract away the complexity of applying the security controls where you just have a single pane of glass. You define the security policy and it doesn’t matter which platform you're on, it’s going to be able to do it in that agentless fashion.

Gardner: Of course, the march of technology continues, and we're not just dealing with virtualization. We're now talking about containers, micro-services, composable infrastructure. How will your solution, in conjunction with HPE, adapt to that, and is there more of a role as you get closer to the edge, even out into the Internet of Things (IoT), where we're talking about all sorts of more discrete devices really extending the network in all directions?

Barry: As the workload types proliferate and we get fancier about how we virtualize, whether it’s using a container or a virtualization platform, and then the vast amount of IoT devices that are going to present themselves, we're working closely with the HPE team in lockstep as mass adoption of these technologies happens.

We have plans in place to solve platform by platform, and we believe taking an approach where we're looking at that specific problem and asking how we're going to attack this thing while keeping that bigger vision of, "We're still going to keep you in that same console and the method in which you apply the security is going to be the same."

Containers are a great example, something that we know we need to tackle, something that’s getting adopted in a fashion far more than I have ever seen with anything else. That’s a pretty exciting one. But at the end of the day, it’s a way of virtualizing a service or micro-services. We're aware of it, and I think our method of doing the security control application is going to be the one that wins.

Gardner: Pretty hard to secure a perimeter when there really isn’t a perimeter.

Barry: Perimeter is quickly fading, it seems.
Gardner: OK, we'll have to leave it there. We've been exploring how increased virtualization across data centers translates into the need for new approaches to security, compliance, and governance. And we have seen how policy-based control over all virtual assets provides a greater protection and management for next-generation data centers. So a big thank you to our guest, Holland Barry, CTO at Catbird. Thank you, Holland.

Barry: Pleasure to be here. Thank you.

Gardner: And a big thank you to our audience as well for joining us for this Hewlett Packard Enterprise Voice of the Customer interview. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host for this ongoing series of HPE-sponsored discussions. Thanks again for listening, and come back next time.

Transcript of a BriefingsDirect discussion on how increased virtualization across data centers translates into the need for new approaches to security, compliance, and governance. Copyright Interarbor Solutions, LLC, 2005-2016. All rights reserved.

Thursday, April 21, 2016

Intralinks Uses Hybrid Cloud to Blaze a Compliance Trail Across the Regulatory Mine Field of Data Sovereignty

Transcript of a discussion on how data sovereignty regulations force enterprises to consider new approaches to data, intellectual property, and cloud collaboration services.

Listen to the podcast. Find it on iTunes. Get the mobile app. Download the transcript. Sponsor: Hewlett Packard Enterprise.

Dana Gardner: Hello, and welcome to the next edition of the Hewlett Packard Enterprise (HPE) transformation interview series. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host and moderator for this ongoing discussion on IT transformation and innovation -- and how it's making an impact on people's lives.

Our next hybrid computing IT case study discussion explores how regulations around data sovereignty are forcing enterprises to consider new approaches to data, intellectual property, and cloud collaboration services.

As organizations move beyond their on-premises data centers, regulation and data sovereignty issues have become as important as the technical requirements for their infrastructure and applications.

To learn how organizations have been able to get the best of data control and protection -- along with business agility -- from hybrid cloud models, we're joined by Richard Anstey, CTO at Intralinks, and he's based in London. Welcome, Richard.
Anstey: Thank you, Dana. Nice to be here.

Gardner: Tell us about the trends that make data sovereignty so important as a consideration when organizations look at how and where to manage, house, and store their data.

Anstey: This is becoming a much more important topic. It has obviously been in the news very much recently in association with the Safe Harbor regulation having been effectively annulled by the European courts.

This is the regulators catching up with the Internet. The Internet has been somewhat unregulated for a long time, and quite rightly, the national and regional authorities are putting in place the right protections to ensure that citizens’ data are looked after and treated with the respect they deserve.

So it's becoming more important for companies to understand the regulatory environment, even those organizations that did not previously feel that they were subject to such regulation.

Gardner: So the pendulum seems to have swung from the Wild West Internet toward greater security oversight.  Do we expect more laws across more jurisdictions to make placement of data more restricted? Are we seeing this pendulum swing more toward regulation?

Anstey: Yes, it’s certainly swinging that way, and the big one for the European Region of course is the General Data Protection Regulation (GDPR), which is the European Commission initiative to unify the regulations, at least across the European Union. But the pendulum is swinging toward a greater level of regulation.

Gardner: How about in Asia-Pacific (APAC) and North America, what’s happening there?

Global issue

Anstey: Post-Snowden, this has become much more of an issue globally, and certainly across APAC there have been some very specific regulations in place for some time, Singapore Banking Authority being the famous one, but globally this is becoming much more of an important issue for companies to be aware of.

Gardner: So while the regulatory atmosphere is becoming more important for companies to keep track of, it's also more onerous for them as businesses to comply. The Internet is still a very powerful tool and people want to take advantage of cloud models and compliant data lifecycle models. Tell us about Intralinks, and about how organizations can have the best of both protected data and cloud models.

Anstey: Intralinks is in the fortunate position of having been offering cloud services in highly regulated environments for almost 20 years now. Back when we were founded, which by the way was really before most people would do their shopping online, Intralinks was operating things called Virtual Data Rooms to facilitate very high value, market-moving transactions through effectively a cloud service. We didn’t call it cloud at that time; we called it software as a service (SaaS).

But Intralinks has come from this environment. We've always been operating in highly regulated environments, and so we're able to bring that expertise that we have built up over the last 20 years or so to bear on solving this problem for a wider range of organizations as the regulation really steps in to control a greater part of the services delivered over the Internet today.

Gardner: In a nutshell, how is it that you're able to do, in a highly regulated environment, what people think of as putting everything in a cloud?

Anstey: Well, in a nutshell, it may be tricky, because there's a lot to it. There's a lot of technology that goes into this. And there are a lot of dimensions around which you need to consider this problem. It's not just about the physical location of data. Although that may be important, there are other dimensions. Physical location may be one thing to think about, but there's another thing called logical location.

The logical location is defined as the location of the control point of the encryption as opposed to the location of highly encrypted data, which many people would argue is somewhat irrelevant. If it's sufficiently encrypted, it doesn't matter where it is. The location of the key is actually more important than who controls that key, and more important than where your encrypted data lives.

In fact, we all implicitly accept that principle. When you use your online bank, you don't know the route that that information takes between your home computer and the bank. It may well be routed across the Atlantic, based on conditions of the Internet. You just don't know, and yet we implicitly accept that because it's encrypted in transit, it doesn't really matter what route it takes.

So there is the physical location and the logical location, but there is still also the legal location, which might be to what jurisdiction this information pertains. Perhaps it pertains to a citizen of a certain country, and so there is a legal location angle to consider.

And there is also a political location to consider, which may be, for example, the jurisdiction under which the service provider is operating and where the headquarters of that service provider is.

Four dimensions

There are four dimensions already, but there is another one as well, which is the time dimension. While it may be suitable for you to share information with a third party in perhaps a different jurisdiction for a period of time, the moment that business agreement comes to an end, or perhaps the purpose or the project for which that information was being used has come to an end, you also need to be able to clear it up.

You need to tidy up and remove those things over time and make sure that just because that particular information-sharing activity was valid at one point, it doesn't mean that that’s true forever, and so you need to take the responsibility to clear it up. So there are technologies that you can bring to bear to make that happen as well.

Gardner: It sounds as if there is a full spectrum, a marketplace, of different solutions and approaches to suit whatever particular issues an organization needs in order to satisfy the regulatory, audit, and other security requirements.

Tell us about how you have been working with HPE to increase this marketplace and solve data sovereignty issues as they become more prominent in more places.

Anstey: The thing that HPE really helps us with is the fact that while we've been able for quite a long time to have data centers in multiple regions -- as the regulation and the requirements of our customers grow -- we need to be even more agile with bringing new workloads up and running in different locations.

With HPE Helion OpenStack we're able to spin up a new environment -- a new data center perhaps, or a new service -- to run in a new location far more quickly and more cost effectively than we would otherwise be able to if we were starting from the ground-up.
Gardner: So it's important to not just be able to take advantage of cloud conceptually, but to be able to move those cloud data centers, have the fungibility, if you will, of a cloud infrastructure, a standardized approach that can be accepted in many different data-center locations, many different jurisdictions.

Is that the case, and what can we expect for the depth and reach of your services? Are you truly global?

Anstey: We are certainly truly global. We've been operating right across the world for a number of years now. The key elements that we require from this infrastructure are things like workload portability and the ability to plug into additional service providers at any time we need to be able to create a truly distributed platform.

In order to do that, you need some kind of cloud operating system, and that's what we feel we get from the HPE Helion OpenStack technology. It means that we have become much more portable to move our services around whenever we need to.

Gardner: When you're an organization and you know that there's that data portability, that there's a true global footprint for your data that you can comply with the regulations, what does that do for you as a business?

How does this, from a business perspective, benefit your bottom line? How does it translate into business terms?

Enormous uncertainty

Anstey: The key thing to realize is that there has been an enormous amount of uncertainty, and in a way, the closure of the Safe Harbor agreement has been a good thing in that there was always some doubt over its applicability and its suitability. If you'll forgive the pun, there was a cloud hanging over it. When you remove that, you still have to get a little bit more certainty, of ... "Well, that thing definitely doesn't work and so we need to have a different structure."

Nevertheless, what happens in that environment of uncertainty is that people start to play it safe and they start to think, "This cloud thing is a bit scary. Maybe we should just do it all ourselves, or maybe we should only consider private cloud deployments." When you do that, you cut off the huge options and agility that's available from using the cloud to its full extent.

What would be a bad thing is if, as the pendulum swings, as you described, toward regulation, people retreat and give up and say, "This Internet thing, we don’t want to do that. We're going to reverse the trends and the huge technological advances that we've been able to leverage over the last 10 years of growth of cloud."

We believe that by building technology in the way that we are able to construct it, with all of those options associated with ways in which you can demonstrably prove that you are responsibly looking after data over time, you don't have to sacrifice the agility of the cloud in order to adhere to the regulations as they come in.

Gardner: We've talked about data sovereignty from a geographic perspective, but how about vertical industries? Are there certain industries that require that global reach, but also need to be highly regulated?

Anstey: The vast majority of the global banks are our customers already. We also have a very large footprint in the life sciences, which often has a similar nature in terms of the level of regulation, especially if you're dealing with patient data in the field of clinical trials, for example.

But the reality is that, as this pendulum swings, the net is cast wider and wider for the regulation, to the point where any company that deals with personal data and needs to use that data for legitimate business purposes will now be covered by regulation. This isn't just guidance now.

When we get through to the next level of EU regulation, there are some serious fines, including criminal penalties for executives and fines of up to two percent of global revenue, which really makes people wake up. It will make a far wider group of companies wake up than the previous ones who knew that they were operating in a strict regulatory framework.

Gardner: So in other words, this probably is going to pertain to many more industries than they may have thought. This is really something that’s going to hit home for just about everybody.

Anstey: Absolutely. Every industry becomes a regulated industry at that point, when to do business you need to handle the type of data that gets covered by the regulation, especially if you are operating in the EU, but as we described, with more to follow.

Gardner: I'm afraid we will have to leave it there. We've been exploring issues around data sovereignty and how it's forcing enterprises to consider new approaches to data, intellectual property and cloud collaboration.
We have heard from Intralinks, based in New York, about how they have developed Virtual Data Rooms and are working with HPE to extend their services to virtually any market around the world.

So a big thank you to our guest, Richard Anstey, CTO at Intralinks. Thank you, Richard.

Anstey: Thank you very much.

Gardner: And a big thank you as well to our audience for joining us for this Hewlett Packard Enterprise transformation and innovation interview. I’m Dana Gardner, Principal Analyst at Interarbor Solutions, your host for this ongoing series of HPE-sponsored discussions. Thanks again for listening, and come back next time.

Transcript of a discussion on how data sovereignty regulations force enterprises to consider new approaches to data, intellectual property, and cloud collaboration services.
Copyright Interarbor Solutions, LLC, 2005-2016. All rights reserved.

Tuesday, April 12, 2011

Hastening Trends Around Cloud, Mobile Push Application Transformation as Priority, Says Research

Edited transcript of a sponsored podcast discussion on converging forces compelling enterprises to take a close look at their application portfolios.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Dana Gardner: Hi, this is Dana Gardner, Principal Analyst at Interarbor Solutions, and you're listening to BriefingsDirect.

Today, we present a sponsored podcast discussion on the fast-moving trends supporting the rationale for application transformation. We will see how these same trends are pointing to a deeper payoff from the well-managed embrace of hybrid computing models.

An added requirement for application transformation is to make them available more securely, even in these hybrid implementations, while adding automation and governance features across their entire service lifecycle. We also have some new research that describes how top level enterprise executives are reacting to these fast-moving trends, buffeting nearly all global businesses. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Lastly, we'll examine some new products and services from HP designed to help companies move safely, yet directly, to transform their applications, improve their hosting options, and free up resources that can be used to provide the innovation needed to support better business processes. It's and the support of business processes, after all, that’s the real goal of these activities.

I'm here with an HP application transformation expert to dig into the new research and to better understand HP’s response to these market and technology shifts. Please join me now in welcoming Paul Evans, Worldwide Lead for Application Transformation for HP Enterprise Business. Welcome back, Paul.

Paul Evans: Thank you, Dana.

Gardner: Let's dig into some of these trends. We're looking at things that are moving very rapidly. We have some mega trends. We're looking at new business models. We're still digging our way out of a very deep recession. Paul, give me the landscape, if you will, of what’s going on and why now is such an opportune time to look at applications.

Evans: We see three mega trends, and we validate this with customers. We haven’t just made these up. And, the three mega trends really come down to firstly that people are evolving their business models.

When you get recessionary periods, hyper growth in particular markets, and the injection of new technologies, people look at how to make money and how to save money. They look at their business model and see they can make a change there. Of course, if you change the business model, then that means you change the business process. If you change the business process, the digital expression of a business process is an application. So, people need to change their apps.

So, you change your model and the process and need to change your app, because for most people now, the app is pretty much the digital expression of their business. For many of us, when we go online or do some form of transaction, at the end of the day, it’s an app that is authenticating this, validating the transaction, making the transaction, whatever it may be. That’s one mega trend we see happening.

The second mega trend is that technology innovation just keeps on going, whether it’s the infusion of cloud architectures that people are looking towards, or the whole mega trend around mobile connectivity. That is a game changer in their mind. It’s a radical transformational time for applications, as they accommodate and exploit those technologies.

No precedent

Some people just accommodate them and say, "Okay, we can do things better, maybe less expensively. We can be more innovative, more flexible in this way, or maybe we can do things differently. Maybe we can do things like we have never ever done them before."

I don’t believe there's any precedent for the mobile evolution that we're going to see coming towards us through smartphones, pads, or whatever it may be.

We can't look back over our shoulder and say, "What we did five years ago we'll just do that again, and it will be wonderful." I don’t think there is any precedent here. There is an opportunity for people to do some really innovative things.

Third, it’s the whole nature of the changing workforce. The expectations of people that are joining with the community every day on the net are very different from the people at the other end of the spectrum and their experience.

When we look at young people joining the net and when we look at young people coming into the workforce, their expectation is very high in terms of what they want, what they need, and what they would like to achieve. This is in terms of the tools they utilize, whether it’s social networking, whether it’s just the fact that their view is that they are sort of always on the network, whether it’s through their mobile or whether it’s through their notebook or whatever device they use.

They're always on, and therefore the expectations of those people who are going to be with us now for the next 60-70 years is starting from a position of, we have always known the web, we have always liked the web, we have always had the web. So their view is, we just want to see more of it and better. We want to see things as services rather than processes. The expectation of those people is also having a lot of effect. Those three mega trends affect the way that organizations have to respond.

Gardner: Applications, of course, have been very important for quite some time, whether the computing model was mainframe or client-server, or distributed web. What strikes me as different now, Paul, is that these applications are coming from different places, and we're using bits and pieces of applications to support processes and we need to have them accessible at any given time, hence your instant-on. We're looking at not only a shift in technology, but even the definition of an application is up for grabs. Would you agree with that?

Evans: Oh yeah, and this area is so close to my heart. There were days when you got most of your apps from the IT function, because they were central. So you got a window onto them. You got a device that allowed you to access them.

We went through the PC revolution and we all wandered off to the store on weekends and bought that shrink-wrapped software, which, of course, drove the IT function crazy, because then every desktop was different and we got support issues.

Then, you wanted a bigger PC because you were running more software, even though the IT function didn’t actually support the software. So, you had sort of anarchy breaking out. Then you had the response to the anarchy which was, "No, there will be a desktop. It will be this. It will have this suite of software. And, God forbid you put anything extra on it."

So, people did the obvious thing. Well, they said, okay, fine, we'll do it at home then. They built an environment at home that reflected their lifestyle, their wants, their preferences, their platforms, and apps.

Mobile platform

Then, the walls started to come down, because once we got into this whole notion of the mobile platform, people realized that they can sit at home and download apps, a lot of them for non-business purposes, games, or whatever, but a lot of them for data access, data manipulation, and data presentation.

So, there were a lot of guys sitting at home in the evening -- and when I say guys, I mean in the generic sense, male and female -- saying, "I can do this better. I can make this look nicer. I can do this processing on a device that I can just sit on my couch while watching the TV and do something with."

The whole expectation around the application is changing and I think it’s irreversible. We're not going to go backwards. We're going to keep on driving forward, because people like HP and others see the real value here. We're going to start to have a different approach to apps. It’s going to be more component driven and it’s not going to be monolithic.

We have to go away from the monolithic app anyway, because it’s not a flexible device. It's not something that easily delivers innovation and agility. People have already understood that the cost of maintaining those monolithic, legacy applications is not acceptable.

On the front side of that, there are people who say that the future holds great things. The future holds the ability for us to not only download apps, but maybe download components of apps. Whereas mashups today are in the realm of the more technically oriented, mashups are going to find their way into our everyday life.

People do it today. They send an email to their friend and say, "By the way, if you want to come to my house, here is the link to the map with the driving direction." It’s a very simple mashup, but it's something that is very effective.

We're going to get far more sophisticated in how we do those things, and they'll be tailored to this whole notion of context awareness. So, they'll understand where they are and what they're doing. Things will change by virtue of the context of the person, where they're based or what device they are using.

I really get excited by the fact we're just starting down that road, and there is a lot of good stuff more to come.

Gardner: So, people are going to have the ability with their business processes, just as they do in their personal lives, to intercept and react to events, to data, and to changes. They're going to do this 24x7, based on what works for them or what’s important for those business processes.

It sounds like we’re into an instant-on enterprise always and forever. That's the vision. It seems inevitable. Many organizations are well into this, but it seems that CIOs are caught in the middle, if the expectations are high, but their capabilities are rooted in the past.

What's going on with these higher-level business executives who see and appreciate the vision and understand how this will benefit their business, but aren’t quite sure how to get there?

Blurring lines

Evans: You're right. You put it in a nutshell. In a way it's sad when we say our personal lives and our business lives are blurred into one. If I'm talking to a lot of customers at the same time, maybe I’ve got a regional audience, I'll ask how many people do email on their holiday? I never actually want to know the answer, because I know what the answer is going to be. About 95 percent of the hands go up.

So, do we ever switch off? The answer is probably no. Maybe we just switch off a little bit of the time, but this whole notion these days of always on, instant-on, or whatever is something that unfortunately is here to stay. We just have to be somewhat disciplined, sometimes saying that we don’t need to be on today. We could afford a day off.

If I'm a CIO or in senior leadership of any organization, I look one way and I see that the apps are actually running my business today or they’re making my profit, measuring my profit, measuring my revenue. Those apps have a real value, because they have embedded intellectual property that means something.

It's not a productivity app. Productivity apps are relatively straightforward, because you could get that from somewhere else. I could potentially get it at a different price, and we really do talk to our customers very hard about that.

We tell them to understand what's core to the business and understand what is productivity. Because if it's productivity, which is not going to give you any fundamental differentiation, then you really should be purchasing at the lowest possible price.

You can look at an on-premise supply, you can look at off-premise, you can look at outsourcing or out-tasking, or you can look to the cloud. There are a lot more choices available to people who maybe could lower the cost, and that has a direct impact on the bottom line.

But, if you're looking at core applications, something that is fundamental to your business, they're not so easy to just move around. The CIO looks at those and says, "I’ve got this massive investment. What do I do?" Then, he swings around and sees the world of cloud and mobile heading towards them and says, "Now I'm challenged, because the CFO or CEO is telling me I need performance improvement, if I need to get into these new markets whatever it may be."

At the same time, he needs to cut cost, be really innovative, and explore all these new technologies. He wants to understand what he's going to do with the old ones, which may take money and funding to achieve. At the same time, he wants to exploit and be innovative with the new. That’s a very difficult position to sit in the middle of and not feel the stretches and strains.

We sit with the CEOs on their side of the table and try and understand the balance of what business is looking to achieve, whether that would be improvement in product delivery or marketing and customer satisfaction. The things that people look to a technology group for and say, "Our website experience is losing its market share. Do something about it," that’s in the CIO’s regime. He looks around the other way and says, "But, I have got all these line of business guys that also want me to keep on making product or making whatever and I need to understand what I do with legacy."

So, we sit on their side of the table and say let's make a list, let's prioritize, let's understand some of the fundamentals of good business and your technology and come up with a list of actionable items. You've got to have a plan that is not 12 months, because this is not a 12-month thing.

Gardner: You and I spoke recently about the pace here. We’ve seen the transitions over the past 15 or 20 years, but I don’t think either one of us has seen anything happen quite as rapidly as this mobile, cloud, data, and behavioral shift. They all reinforce one another. Now, you wanted to plumb into that and find out a bit more. So, you’ve done some research. Here in the spring of 2011, people understand that the stopwatch has been clicked, the time is ticking. What were some of your findings?

Fundamental audience

Evans: We actually went to the C-suite -- the CEO, CIO, and CFO -- and just tried to understand from them how they see things, because they are clearly a fundamental audience that we need to work with and understand their opinions and how their opinions have changed.

Two or three years ago, during the heavy economic times, cost was what it was all about. Take cost out. Take cost out. Don’t worry about the functionality; I need to take cost out. Now, that’s changed. We've seen, both from the public and the private sector, the view that we've got to be innovative. Innovation is going to be the way we keep ourselves different, keep ourselves alive the way we move forward.

A business requirement is that we need to innovate. If we stand still, we're probably going backwards. I know that sounds ridiculous, but you have to do more than just keep up to speed. You've got to accelerate. And, we asked the C-suite if innovation therefore is important.

Ninety-five percent of the people we talked to said innovation is key to the success of the organization. As I said, that was both public and private. Of course, the private sector would, but why would the public sector, because they don't have any competition? But, they are serving citizens who have expectations and want the same level of service that we see from a private organization in the public domain.

So, one, the audience said to us that innovation is key. Two, we didn’t see any massive difference between public and private. Then, we asked them how they relate innovation and technology. Basically, they told us that technology is the innovation engine. It is the thing that makes them innovative. They're going to have new products and new services, but whether the technology is involved in the front end or the back end of that, it’s involved. It’s not an administration function anymore. It's the life blood of what they do.

So it's not HP saying this. It's our customer saying to us that technology would be the engine that they will use to be innovative going forward. We told them, "Well, technology is a big thing. Are we talking about mobiles? Are we talking about blade servers? What do you see?"

Applications and software that derive more flexible process was the number one area where they would invest first, across all the audiences. So, their view was that they know there are lots of pieces for technology, but if they want to innovate, they see that applications and software is the vehicle that gets them there.

Gardner: They really want to see the expression of the technology and not to be so consumed with the technology itself.

Evans: As I said earlier, we use this term that technology is the digital expression of the business process. It is the business process, and we do it in a digital environment, in a digital fabric, you might say.

Actually, customers will say, "Do you agree with this or disagree with this? What do you think?" And we can give them any of our opinions to start with, but unanimously CEO, CFO, CIO came back and said that applications and software are what it's all about.

Focus on applications

There were three times more votes for that than the second place choice, which was to invest in more people. What it’s saying is that we could apply more people to our process, but way ahead of anything was that we've got to focus on applications in software.

Gardner: You're not going to succeed, if you can’t do that. How is HP responding to this? Now that you understand that their priorities are becoming more in tune with where you've seen the market going for some time, what is your response? What do you take back from that?

Evans: For a long time, it felt like we were bashing our head against a brick wall. We've seen that clients are spending 70-80 percent of their IT budgets on maintenance. The smart guys in the company look around and say that doesn't feel right.

Around 2005, internally, we had a new CIO, Randy Mott, come on board. He looked around and clearly felt that there was room for improvement. Our IT costs were not great -- about four percent of revenue, which for an IT organization wasn’t bad. His view was that he could get it down to two, and could make it more flexible, more adaptive, more agile, and more innovative at the same time.

It’s a well-documented case study that HP went through this rationalization, this application portfolio. We went from 7,000 apps to 2,000. Then, we turn our attention to our customers and we see our customers struggling with the same thing.

For the last year or two, we felt sometimes like an endangered species and banging our heads against the wall saying that we believe it’s the portfolio. Some people, although they appreciated the advice, sometimes ignored it. Maybe before the economic downturn, their view was that it was costing a lot of money, but they could afford a lot of money.

Since the downturn, there's been a reawakening. Not only are you going to save money, but you're going to do more with less in terms of financials. More importantly, you're going to have to get some differential innovation going.

If you look like anybody else, why is anyone going to come to you? If you're going to commoditize, some companies may not want to live in a commoditized environment. So, they need to be different. They need to have something special and treat their customers, products, or services in a different way.

We've been actively on this trail of wanting to help customers get hold of those portfolios, and, you might say, do a bit of spring cleaning. With the acquisition of EDS, we got a lot of people who not so much understood HP, but actually understood other than those environments, so that we could bridge that gap. When a customer says, "I'm running a mainframe. You probably don’t understand those," yes, we do.

What to keep

When a CIO says, "What do I do now? What do I go with? The bulk of my apps are running on the mainframe, and I have a funny feeling I don’t need to do that," we can have a joined-up conversation about how they can migrate from that environment and we understand the nuances. We don't just say to take everything is off the mainframe. We're not that naïve. We try to understand what they should keep, what they should change, and what they should retire.

Gardner: Paul, we've spoken a bit about a changed set of requirements here. It’s not just a matter of sloughing off old apps and it’s not just a matter of moving from one compute style to another. We're talking about transformation in terms of what applications actually are, where they come from internal clouds, on premises, or maybe from external clouds. But, we also need to make sure that we've got security and automation, otherwise it doesn’t scale. It becomes more chaotic, and we also need to govern across these different hosting environments.

So, it’s really a very substantial undertaking. How is it that these people don’t feel overwhelmed? What do you bring to them in terms of products and services that helps set the table rather than put them into a deep depression?

Evans: Well, there's nothing I can do about depression, but I’ll try. Anyone who's been keeping their eyes on HP for a while would have seen some significant investments, especially in the software area, and this preceded the research where customers are telling us that apps and software are pretty important.

The investments in companies like ArcSight and Fortify have been there because, as they say in ice hockey terms, we're trying to predict where the puck is going to go, and we're trying to move towards where the puck will be, as opposed to where it is now.

We've been investing in acquisitions, but also investing in internal R&D, looking at the customer’s environment to see what things are really top of mind. Effectively, we know this change is irreversible. The technology industry, whether you like it or not, never goes backwards.

As I heard on a television program, we are compelled to travel into the future. It’s not being corny. That’s what we're doing. We're looking at this, so the new range of products and services that we're bringing out are around several of those core areas.

One is that people need to get a real good handle on what they've got. A lot of CIOs we meet and a lot of people we talk to in the IT function will openly admit that they have no clear idea what their portfolio looks like. They don’t know how much it’s costing them. They don’t know what the components are. They don’t know how well they're aligned for the business.

They don’t know what sort of technology underpinnings they've got and what sort of security level they're implementing. That sounds like a pretty terrible picture, but unfortunately it’s pretty much reality. There are definite clients we meet who do know, but they're pretty rare.

Gardner: That's what I find as well -- people really don't know what they’ve got.

Application portfolio management

Evans: You’ve got to get your head around that first, because if you don't know what you’ve got, then how the hell can you move forward? So, we've invested a lot in Application Portfolio Management, a new software product, combined that with a whole portfolio of services to exploit it, which really gives people a very rich graphical environment and the ability to understand the portfolio and make decisions.

That's an area we're paying real attention to, because we believe that unless people get that clear line of sight on their sampled portfolio, they're going to have a challenge. Basically, we get a lot of questions. One is, "I've got an applications portfolio. What should I move to the cloud, assuming it’s private? Should I move all of it?" It's probably unlikely you're going to move everything to the cloud, because moving stuff like intellectual property may not be such a good idea.

This whole notion of where we've been in the past -- service-oriented architecture (SOA) and shared services -- is a real underpinning. Some people think SOA died. SOA did not die. It's actually one of the technological underpinnings for going forward in creating these shared services which we're going to be calling a cloud environment.

We tell people we can help them understand which apps are fit to go to the cloud and should go to the cloud. This is how we get them to the cloud. By the way, we'll also tell you the ones that shouldn't.

We get that question a lot. Of course, when you talk cloud, you invariably get people talking about the biggest excuse not to go to cloud, which is that it's not secure.

As I said, we're into irreversible change. We know there may be challenges, which is why the acquisition of companies like ArcSight and Fortify, and what we have brought out recently with the application securities in the product have really changed the rules on security, not to view this as a bolt on.

Anybody that is familiar with the notion of a stack knows we go from hardware at the bottom to application at the top with all the intermediate layers. We could bolt on a security enhancement to a piece of the stack with the view that we’ll stop you coming in.

Unfortunately, as you are aware, there are unscrupulous people who know their way around certain bolt-ons, and have a way of infiltrating. From reports in the press, it’s very clear about what can happen when they do. We've taken a totally different approach.

Make security something that is inherent within the whole process. So that once you are through the gatekeeper, you can't just have a lot of fun and games inside the code. Once you are in, you're not going to get very far. Also, monitor this in real-time. Don't make this a static process, make it a dynamic process, so that you can dynamically see vulnerabilities and react to those in real-time.

So, it would be the software is saying that it's going to stop this, and stop us from having a problem. There's a big investment for us in this whole notion of security.

Gardner: The security cuts across these products. You’ve talked about an application portfolio management product. What else is coming out here in April?

Hybrid delivery

Evans: Well, obviously, this whole notion of hybrid delivery with the cloud, and looking at different models to deliver things. People are coming to us and saying that they have some productivity applications that maybe they shouldn't be running in an extremely expensive environment. We see a lot of people who run an app on a mainframe. We ask why, and the user responds because they always have. Maybe it's time that it didn’t.

If you're short of cash and trying to be innovative, why would you want to spend a whole truck of cash on something that you don't need to? Go and spend it on something you should.

We need to help people understand how they can migrate their productivity up. Microsoft Exchange is a good example. Big productivity -- messaging is a productivity. Yes, it helps people do what they do every day.

If I'm running Exchange, I can move this to a private cloud environment, still within my firewall. The biggest challenge everybody faces is, how do you provision for it? How much infrastructure do I need to give people the response they are looking for?

Now, everyone runs out of processing power and everyone runs out of storage. I do every day, especially storage. But, the point is how to separate environments that can smooth those peaks and troughs. We believe exchange services for private cloud is the way to do that.

The flip side is that people that are using the Microsoft Dynamics customer relationship management (CRM) package. Maybe they don’t want to be in the CRM business. They want to build relationships with customers, want to understand who they are and what they are. Maybe they don’t want to be in the whole provisioning business.

So, what we're offering is what we call Enterprise Cloud Services for Microsoft Dynamics CRM, which says we will put this on our service. The customer just buys a service through the net and pays per usage. If they don’t use it, they don’t pay.

We're going to see a lot more of that style of hybrid delivery where you pay per use. What I want, I use, and I pay for. What I don’t want, I put it back. I don’t have to take any responsibility for infrastructure and storage and all the stuff that goes with it. I want to give that responsibility to someone else and get on with my core business.

Gardner: Let me make sure I understand. You're talking about Microsoft Exchange, email collaboration, personal information manager (PIM). These are very important and aren’t going away, but the way in which you utilize your resources might shift. I think you are saying it's a software-as-a-service (SaaS) model, but not necessarily, purely a SaaS model. It’s kind of shared services -- consume as you need and then pay as you consume.

SaaS model

Evans: It’s a SaaS model and other options. There was a model once where everyone was on premises. Then, the whole notion of outsourcing came in, and people looked at that and felt it was pretty good. So, they went to outsourcing.

We believe that this whole notion will be called "hybrid delivery." It will be a mixture of all of them -- on premises, off premises, people running services inside their firewall as private clouds. It’s actually a public provision service where it will be provisioned for them outside their firewall and then they buy what they want.

Also, one of the components of the announcement we are bringing out is what we call Cloud Service Automation, which we're extremely proud of. This is really for the people who want to get a cloud service up and running, want to do it fast, and don’t want to have to spend the next two years playing computer scientist. They want to get up, running, provisioned, and out there.

It just shows the pace of this market. We brought version one of this product out in January. In April, we're bringing out the next version with a significant level of enhancement around provisioning and manageability, and 4000 scripts embedded. So, people can just assemble things.

Back to the question you asked me earlier about the way the apps are going, this is really assembling procedures where the customer wants to do and can through a drag-and-drop environment. Some people view that as nearly impossible.

Cloud Service Automation runs on the cloud system, which is enabled by BladeSystem Matrix. What that’s doing is provisioning an infrastructure, giving people the choices of network components, upgrading systems, and their virtualization environment. All of this is through drag-and-drop. It's just staring at the screen and saying they want Linux on that, HP-UX on that, Windows on that, and a VMware on that, and then drop it on.

Then, taking applications again, they want a database here, and all of this by magic happens in the background. And then the real clever bit will provision this for 10,000 transactions an hour. All of a sudden, they hit 11,000 transactions. Now, what happens? We can already program it so that, if we hit 11,000, we're going to burst out and go to another service provider, who we trust, that will take that peak loading. When the peak loading is complete, it will return back into the original environment.

So this is what we call fundamental building blocks of people that are looking to deploy a cloud environment.

Gardner: This sounds exciting, because we're giving people really what they want, which is the ability to be flexible. We are giving the architect the role of deciding how systems work, rather than the administrator, but you are also targeting some very important application sets, collaboration and communication and then CRM.

But if this works for those two application sets, it should work for others. So, I assume that this is just the beginning in terms of the applications you are going to be giving the same treatment?

Irreversible change

Evans: Well, I think we can blue sky it out and say that this is the way it’s going to be. As I said, irreversible change, compelled to travel in the future, all that. But, there is some real sort of down to earth tactical things you’ve got to think about.

Take for example, the client environment. We’ve talked a lot about the server, but the client world is changing at a high speed by virtue of people’s desire to use devices that are not chained to the desk anymore -- whether that’s more portable, notebook type machines, smartphones, pads or whatever. You’ve also got to take into account the fact that there are a lot of enterprise applications that you still use on traditional desktop PCs. You can't ignore those and should not.

A year after launching, about 13 percent of the Windows XP base moved to Windows Vista. So, the bulk of the market stayed with XP for whatever reason. Now, they're saying they need to make that move, but some of these desktop apps are pretty sophisticated. This is not just simple productivity stuff. This is a part of the enterprise portfolio. Therefore, they also need to get worried about it big time and fairly quickly.

So what we’ve done for our customers is to look at their volume, their desktop environment, and come up with what apps they've got, what they do, are they useful, do they need all of them, could they get rid of some? The ones they want to move forward, do they need to change? Obviously, there are functional differences between XP and Windows 7.

We’ve got some background in this. We’ve got some skills. We’ve actually set up a factory environment, because we think this is a volume thing. This is not ones and twos. This is volume.

By virtue of our knowledge and experience we can give you a very good return on your investment because we know all of the differences. We know all the gotchas. When you’ve used the special feature inside XP, we know how that will translate to Windows 7.

By the way, we can also tell you some things in Windows 7 that you maybe want to use, because that could make your environment more secure, more robust, more whatever. So we’re setting that up as a piece of our application transformation portfolio. As I said, it's not just the client world, but it's the server world as well.

Gardner: How about some examples? Do you have any folks that have been doing this already, that are deploying in this fashion, leveraging for innovation, transforming applications, targeting certain apps and then taking them to a hybrid model? Tell me a little bit about them and what the payoffs are? It's still perhaps a little hypothetical to say if you do this, you get blank, but what's actually happening on the street?

Evans: We’ve actually set up a new program called The Re-Inventors. These are people who have taken a position that innovation is what it's about. The status-quo is not going to get them to where they're going to be. Our first re-inventor came from DreamWorks and talks about the exploitation of fundamental technologies from HP.

Public sector

The second re-inventor we’re announcing is the Flemish Government. Although they're in the public sector, their view was that they cannot continue with paper-based processes. They're inaccurate, inefficient, and ineffective. We’re promoting that as a part of our re-inventors program who demonstrated that they took a very much a paper-based environment and put it into the digital world. They used the digital expression, and are providing a level of service to their citizens that is second to none.

As I said, there is always this view that the public sector has no competition, so why do they have to do this, but they do. If people have the right motivations, and a sense of service, deploying the digitally-based solutions, rather than manual, is absolutely the way to go. That’s what we’re talking about in terms of this new re-inventors program and specifically the Flemish Government.

Gardner: For those folks who have not yet taken the plunge, but see the writing on the wall, how does one get started? How can we learn more about the research that you’ve done and some of the findings and also some of these products that you run out during April?

Evans: People just need to get their heads around it, because we appreciate it. There are some big questions to answer. We don’t trivialize this. This is not a game. This is serious. Serious problems need serious people to respond.

We have our traditional URL, which is relatively simple, hp.com/go/applicationtransformation. There, you can then go off and explore things that will interest you.

At a higher level, if people are interested in this whole Re-inventors Program, we have another URL which may be an even better starting point -- www.hp.com/go/instanton. There you can learn about the Re-inventors Program, whether app trends, hybrid delivery, or whatever. It's meant to be a resource pool, where you can just sit down and say, "I'm interested in this. Can I find the persons in the same industry as me doing this? Can I go and read about that?"

In the application transformation space, we set up a TV channel on what we call HP TV. There is a link on the website. You can listen to HP material. You can listen to customers -- the Italian Ministry of Education or the New York Stock Exchange, among others. You can hear Gartner analysts talk about the future of applications, what this whole notion of context-aware or cloud or mobility means. Massimo Pezzini from Gartner is on there talking about that.

We're saying to people that we're trying to help. If they want more, they can come and tell us, whether it's the whole program, which is this whole instant-on program, or whether it’s dropping down into any one of the solution areas like app transformation.

It tells people not only that here’s HP and this is what we do, but we also believe people need some context. It's not only HP, but I want to understand what other people think. We're trying to create that sort of pull. So, we have a link on the CIO Magazine for people who want to join a community.

We're just trying to help people see that this is really important. We have been sort of screaming and shouting for the last year or two, and we believe that people are really onto this now. HP has a role to play in pointing people in the right direction.

Gardner: Thank you, Paul. We've been listening to a sponsored podcast discussion on the fast-moving trends and some new products supporting the need for application transformation and leveraging hybrid computing models. I want to thank our guest. We've been here with Paul Evans, Worldwide Lead for Application Transformation for HP Enterprise Business. Thanks so much, Paul.

Evans: Thanks, Dana.

Gardner: This is Dana Gardner, Principal Analyst at Interarbor Solutions. Thanks for listening and come back next time.

Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Sponsor: HP.

Edited transcript of a sponsored podcast discussion on converging forces compelling enterprises to take a close look at their application portfolios. Copyright Interarbor Solutions, LLC, 2005-2011. All rights reserved.
