Secure Innovation

I recently hosted a panel on the topic of Information Security and framed our discussion around the concept of Secure Innovation. Information Security is often viewed as a roadblock to innovation and an obstruction to moving quickly in a highly competitive environment. The panel focused on how to foster innovation and leverage security as a competitive advantage, and provided strategies that can be quickly implemented to achieve the overall goal of secure innovation.

Each panelist provided opening statements on their experience with innovation that required a high level of security and privacy, and led to pragmatic solutions to challenges in this area. One of our goals from the panel was that CIOs would have 2-3 things they could immediately implement when they got back to their desk.

We covered a number of compelling questions across People, Process, and Technology, with some of the key remarks conveyed in the following:

CISO at an early stage security startup

What are your recommendations on sourcing, as you can’t do all of this in-house today?

You need to be creative in your staffing solutions; it is very hard to hire experienced staff. We recommend getting less experienced staff and training them. The Merritt College Cybersecurity program is a great source and example of this model.

What do you recommend on security reporting relationships (CIO, CEO, COO)?

I report to the CEO directly as it is essential to our company being a small, early stage startup.

CMO at an early stage security startup

Who are the bad guys and what do they want?

There are three main actors: One who wants to steal our money; the second, our IP; the third seeks notoriety (think Anonymous.)

CEO at early stage security company

How do organizations find and attract good security talent?

You bring in less experienced staff and train them.

Mark Egan


Information Security Training: Merritt College Enters Its Third Year



Merritt College in Oakland, CA will start its third year of classes this Friday, August 26.

We’re excited to be entering the third year of this program, having graduated our first set of students this past June 2016. The Merritt College Applications and Infrastructure Security program (as a reminder) is a fully accredited A.S. degree with majors in Applications and Infrastructure Security.

This program results from a partnership with the CISE CIO Organization, Merritt College, and CIOs/CISOs from leading San Francisco Bay Area companies. These groups have given their time and expertise toward building up this program from its inception. Donations from the CISE CIO group now amount to $130K, and with this amount, we have developed the current curriculum and put a new cybersecurity lab in place.

This program and its impact couldn’t be more timely, given that one of the biggest threats to companies is a lack of trained cybersecurity professionals.

You can find an overview of the program here.

We are also looking to place our recent first class of June graduates into Information Security roles with leading companies and organizations. Please contact Mark Egan if you are interested in hiring our students to improve your Information Security programs.

The Cloud – All In


By Doug Harr

This post will be the first of several outlining my passion for moving IT software and services to the cloud, articulating the exponential value this move provides.

My journey began in the early 2000s when I was VP of IT at Portal Software; there, we moved the function of doing performance reviews out of our data center and into the SaaS / cloud service, SuccessFactors. This change cut costs in half, and we saw this kind of savings almost every time we moved another software package or custom-written application off site and into the cloud. Success with this model led me to take the helm at two other high tech companies (most recently at Splunk) where we ran virtually all of our business software and half of our infrastructure in the cloud, via services like NetSuite (financials), Salesforce (CRM), and Amazon EC2 (servers, storage).

These experiences were so positive and influential on my outlook that I’ve been espousing the “all cloud” IT sourcing strategy for some time now. Finally, and most recently, both Microsoft and Google have made it possible to go “the last mile,” to move your corporate domain, which houses the identity of all your employees, along with their organizations and access rights, into the cloud. This positions new companies and more aggressive existing companies to get to the point where you’ll find two fat pipes to the internet as the only technology installed at the company’s offices. The pipes terminate in a set of wireless access points, which themselves can now be managed via a cloud service!

Why is this all nirvana to me?  What does it mean for IT?  It means a lot. In almost every case I’ve seen service improve, both in terms of the time it takes to get things done, and the ability to focus on higher-level concerns, while more control accrues to the business. The focus of the CIO and IT Management team then changes – setting up a strategy, sourcing these cloud services, managing the vendor relationships, monitoring the services, integrating and securing them. We get to the ultimate goal of IT – maximizing the effective use of these systems, and harnessing the information that can be extracted and analyzed from those services. Not too shabby, right?  Sounds like a busy and more enabling, productive IT department, even if the roles have changed.

In future posts, we’ll address how the move to the cloud changes the nature of what resources each department needs to hire in order to effectively run the cloud applications. With sales operations, customer support operations, HR operations, etc., there is the ability for internal corporate employees to be more directly involved in optimizing, running and supporting the applications they use.

More to come.

Silicon Valley: Where Are the ERP Cloud Solutions?

By Reed Kingston


At StrataFusion, we are big proponents of cloud infrastructure and applications for all of the obvious reasons: cost, flexibility, security, focus on the business vs. the technology, etc.

We’ve helped many clients deploy application architectures that rely extensively on cloud technology, and users can choose from a range of solutions for everything from infrastructure to applications. Everything except enterprise resource planning (ERP), that is.

In our experience, NetSuite is by far the leading cloud solution for ERP, with a broad offering of modules that can support many different types of businesses. But things get pretty thin after that. We are excited about some new offerings coming to market from Kenandy (running on the platform) and a few others, but most of these are relatively new entrants, with functionality that will be evolving. For clients seeking a true cloud ERP solution, this begs the question: “Where are all of the other big names?” And equally important: “What exactly is a ‘true’ cloud solution, and what parts of it being cloud-based create the value users are looking for?”

The pure-play cloud players differentiate themselves with multi-tenant platforms, capable of supporting multiple clients with a common code base and a shared database. And they do a great job of communicating the benefits of that approach compared to the alternative of licensing and running similar systems in-house.

Some of the big names in traditional, on-premise ERP (companies like Oracle and SAP) have had false starts at launching multi-tenant offerings. But it is possible to run those solutions through managed services providers, and by so doing tap many of the same benefits that the pure-play providers tout: no on-site hardware, fewer in-house technical support specialists required, access to expertise that would be hard to maintain in-house, etc. The costs may be higher than running a pure-play multi-tenant solution, but the benefits make it worthwhile for some companies.

We have done hands-on comparisons of the capabilities of the current crop of cloud solutions vs. the big-name traditional ERP solutions. There is still a large functionality gap between what some global companies need and what these “pure play” cloud companies are able to provide today. The lack of options makes it challenging for companies to decide which ERP to adopt that will fit their needs now, and as they grow.

It’s always good to have clear choices. The problem is, right now the choice in ERP isn’t “cloud vs. on-premise” or “subscription vs. license” or “lots of functions/features vs. not so much.” It’s all of the above.

Reed Kingston is a managing director at StrataFusion.


Big Data that Support Key Business Results

By Doug Harr


CIOs have a tremendous opportunity to harness Big Data. But CIOs are also wary of buzz words and heavily marketed trends which often lead to pursuits that are secondary rather than those aligned to key results. And while it may not be clear to everyone in the executive ranks, CIOs are keenly aware that all systems (not just business systems) in an organization spew out data, much of which can be mined for useful information. When I was CIO at Splunk, we called this systems-generated data “machine data” and I had the chance to witness just how many brilliant things can be done by harnessing it. So when and where does it make sense for CIOs to embark on data driven projects? How can a CIO choose where to focus efforts?

In a typical corporation, CIOs look after everything from business applications, operations and infrastructure, security, and the infrastructure that supports their web presence. Looking across the vast portfolio of services they support, a CIO’s primary concern will be to properly implement capabilities, and then manage them in such a way that the business is effectively and efficiently supported. Taking on analytics becomes the next layer to tackle once each fundamental service is in place. Where the rubber meets the road is when you can use machine/big data to determine more than just the status of your infrastructure. That is, when you can see the opportunity to mine data for services that support the portfolio and ultimately the corporation’s key results.

Getting Started

Select a Use Case: Focus on high-value use cases first. External-customer facing use cases are particularly well suited as first forays into data mining programs. Making the customer experience as compelling as possible is key for all organizations. Developing deeper insights into this experience has enormous potential and will garner support from your marketing team and other internal customers.

Work with Your Internal Business Partners: Meet with your internal team, and departments such as marketing and engineering, to select a use case they care about. Choose a project that will impact their external customers—typically the customers of your company. While internally focused use cases for Finance, HR, Sales or other teams can be instructive, prioritize programs that address the company’s core product or service and customer experience.

Put the Technology in Place: Don’t place all your bets on one solution. Consider your approach and look at real-time products (such as Splunk), cloud offerings, and batch-oriented systems (such as Hadoop). Before you make any purchases, do a proof-of-concept. Ensure you have support staff from the vendor working with you and try a sample set of your data in their engine.

Review the Reports: Step back and review reports from the solutions you are considering. Analyze the insights, both qualitative and quantitative. For example, if you use a customer support system for your proof-of-concept, ask questions like these:

  • How long does it take a customer to get through the online sales cycle? How much time elapses from engagement to first customer support call?
  • How long are customers spending in our systems?
  • How many orders are placed per month? What’s the typical amount of time it takes to book an order? How long does it take to book an order at month end?
  • Does it appear anyone is trying to infiltrate our systems?

Demonstrate What You Can Produce: Share your proof-of-concept results with your internal team. There’s no greater fun than giving your sales and marketing customers something they didn’t have before, something that helps them make better decisions more quickly. Note that there are some use cases you will never be able to share widely. For example, security use cases can only be shared with security personnel and auditors.

Delivering Value

Bringing Big Data programs into your company is worth the effort. These data can tell you things about your business and systems you can’t learn any other way. Chosen and managed carefully, these programs can improve customer service (internal and external), provide a qualitative view into the customer experience, offer clearer insight into the products and services, and even enable a company to better understand its own employees.

Doug Harr is a partner at StrataFusion. He has more than 25 years of technology leadership experience both as an executive-level technology practitioner and in senior leadership roles for professional services organizations.

More BIG Data

Not Just a Buzz Word for CIOs

Doug Harr



What do CIOs do with Big/Machine Data?

In 2010, most of us were deleting machine log data from our systems as soon as it was clear that processes had survived the night; very frequently this data was being tossed in the trash daily. Now, a short four years later, we’ve all learned that there is information in that data, and that by saving it and using search and analytics to mine it, an amazing number of things are possible.



As CIO at Splunk (a rapidly growing company that makes a platform aiming to make machine data available, usable and valuable for everyone), the first example I saw of the use of the solution within the company itself was related to their go-to-market model. Splunk had and has a “free-mium” model where customers and prospects can download Splunk software to their PC/Mac or host, then run machine data into it to search or analyze the data. We were “splunking” those downloads – for example taking the Apache web log from the Splunk web site, contact feeds from our CRM system, Salesforce, for a lookup table, and communications back to our site which come back from Splunk itself once up and running. With just these three types of machine data records, one being a “lookup” table to enrich the data, we were able to produce an amazing array of analytics and reporting used by IT, product management, marketing, and others in measuring the download experience, uptime, and capacity, but also the actual sales pipeline, and understanding the company’s prospects.

Downloaded Experiences – Visualized



Since IT was responsible for making sure that the free Splunk software download function was operating properly, we were interested in the download experience – things like average minutes per download, and how that differed by platform.




We also liked seeing activity via geo-mapping, and other dashboard visualizations, as shown below:

Downloads by CRM Region








Real-time Data – Driving Business Excellence

Over the years the use of Splunk internally was expanded to address needs for both IT and business constituents providing customer insight, protecting against intrusion and malware, enhancing operations effectiveness, and other uses, falling into these categories:

  • Monitor and manage infrastructure – capacity, uptime, project delivery
  • Deliver application management – health of business apps, usage statistics, even some missing reporting
  • Provide analytics on security posture – identify and eradicate malware, APT’s (advanced persistent threats), and other threats
  • Provide business analytics – most of these derived by departments – people in sales, marketing, and engineering analyzing business trends, product delivery, customer support and more
  • Internet of Things – we even “splunked” our headquarters building to review temperature and CO2 levels

These examples roughly match the broad spectrum of what can be done when ingesting and analyzing machine data in real time. Stay tuned for more examples in posts to come. Now with StrataFusion, I will be consulting and teaching more on these topics!



Big Data

Not Just a Buzz Word for CIOs

Doug Harr


Four wonderful years at Splunk as CIO. Splunk? Splunk is a rapidly growing company that makes a platform aiming to make machine data available, usable and valuable for everyone. While there, I built the IT and Real Estate/Facilities teams and solidified an “all cloud” business applications portfolio. This advanced my knowledge of all things cloud, this time including the appropriate use of Amazon’s EC2 (Amazon Elastic Compute Cloud*) for compute and storage needs. At Splunk everything but Engineering applications was delivered via cloud subscriptions, and half of the compute and storage needed for Engineering came from EC2. More on that in future posts.

Harness Opportunity

The most impactful thing I learned at Splunk is the tremendous opportunity CIOs have to harness what the market is calling “Big Data” and which Splunk refers to as “machine data.” In this context, “machine data” can be thought of as system logs, sensor readings, and the results of polling and measuring machine behavior. Every computer system, storage, device, web, app, and database spews forth machine data – much of it delivered via a constant, real-time stream from the machine – and almost all of it in text format. The original application of Splunk was for data center management. What was built worked equally well for application management, security, business and web analytics, and more recently, to monitor and analyze devices connected as “the internet of things.” Results come from searching through the data and formulating analytics from its content, ranging from things like “Are the machines up?”, “Are there signs of imminent failure?” and “Are there attempts to infiltrate and hack the system?” to “Has Joe taken his heart monitor off?” Uses are limited only by the imagination. What can you do with your data? Learn more in my next post. Or, visit me at StrataFusion.

*Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud.