Emerging IT Trends

To Watch
ITPro Today regularly scans the IT landscape to identify emerging enterprise technology.
Here we review the latest trends from early 2021, exploring what they are, why they´re
worth paying attention to now, who benefits from them, and what vendors are offering them.
itprotoday.com
 TABLE OF

CONTENTS
3 A Primer on High Performance Computing (HPC) Systems

5 
Everything As Code: What It Is and Why It’s Gaining Traction

7 Collaborative File Sharing and Management: An Explainer

9 
What You Need To Know About Formative AI

11 Workplace Analytics: Breaking Down the Growing Trend

13 
Why You Should Pay Attention to Container-Native Storage

15 
An Overview of the Serverless Computing Architecture Trend

18 Managed Detection and Response, Explained

20 What Is Microsoft Azure Arc?

itprotoday.com 2
 A Primer on High Performance Computing (HPC) Systems
Although HPC systems traditionally come with a high CapEx, clouds now offer a cheaper initial on-ramp – and their ability to handle
demanding AI/AL workloads makes them an attractive option.
By Christine Hall

What Is HPC?
Due to the huge uptake of artificial intelligence
and machine learning, one of the trends to watch
in 2021 will be HPC systems.
Defining all of the elements of HPC is
complicated, but to keep it short and simple,
it’s a computer system designed to handle more
data more quickly using standard out-of-the-box
servers and storage devices.
“Your standard HPC platform is going to be
some number of servers with a high performance
network interconnect [and] with dozens to
hundreds of servers hooked together,” said John
Leidel, chief scientist and founder at Tactical
Computing Laboratories. “There’s a significant
amount of power and infrastructure that goes CPUs with many cores, as well as a high number tremendous amount of power,” he said. “What
into just doing that in terms of your network of GPUs and other silicon used as accelerator we’re doing is we’re actually attaching RISC-V
infrastructure, and it’s very hard to amortize that chips – all tied together using infrastructure CPUs directly to the network devices in the
in your application performance.” designs that try to amplify resource allocation.
network, so instead of just sending data back
HPC solutions are expensive, both in terms Just for an example, Leidel talked about a new
of purchasing the equipment and in terms of and forth you can send the data and do some
design he’s working on now.
operating costs. The servers used in these “One of the problems we have in HPC is we compute on it while it’s in flight – so instead
systems are not off-the-shelf servers that might be build these giant networks to hook all these receiving data at the other end, you actually
used to serve websites, but typically use multiple machines together and the networks use a receive an answer.”

itprotoday.com 3
 How Long Has It Been Around?
Vendors have long been offering increased
performance computers for specific
workloads – since at least the beginning of the
microprocessor age.
Traditionally, some of the biggest users of
HPC have been medical research, where HPC
systems are now being harnessed in the fight
against COVID-19, the oil industry and the
financial sector.
Pankaj Goyal, VP of product management at
HPE, told us that in financial institutions, “Monte
Carlo simulations are frequently used to predict
markets, and those use HPC techniques.”
He added that the oil industry has been a
big user of HPC for exploration. “Basically,
they get imagery data from their wells and they
use different simulation techniques to predict
how much oil, at what quality level and at
what depth.”
Why Are People Paying Attention to
It Now?
Interest in HPC systems first began to
grow outside traditional markets around 2006
as Hadoop, big data and data mining came to
the forefront. As the use of AI and ML for data
analysis rose across enterprises, so did interest
in more powerful computing.
Another driving force is that public clouds
are now offering HPC and HPC-like services,
which give companies the opportunity to try
itprotoday.com
Traditionally, some of the biggest users of HPC have been
medical research, where HPC systems are now being
harnessed in the fight against COVID-19, the oil industry
and the financial sector.
HPC workloads before investing in their own an on-premises data center, in the cloud or at
on-premises HPC systems. an edge location.
“I think because those technologies are “I would say that many HPC techniques and
available in a pay as you go kind of engagement, AI techniques are merging together,” HPE’s
that lowers the barrier for people getting Goyal said. “For example, we are seeing demand
started in HPC,” Chris Porter, project manager with our retailers who want to use AI in their
for converged HPC and AI for IBM Cognitive stores to improve the customer experience.
Systems, said. The use case might be video and text in their
“I can try to run a sample of my SAP environment own store, or it might be predictive modeling
in the cloud on some high performance hardware, of customer behavior based on their history.
using a high performance parallel file system, Those techniques are typical AI techniques, like
perhaps using a high performance network, to typical AI training techniques, but they use a lot
see if that really has benefits for me,” he said. of underlying infrastructure which are common
“I can do that for three months, six months, or to HPC.”
whatever it would take for me to gather the data
to answer my question.” Where Can You Get It?
All of the major computer vendors like HPE, Dell
Who Benefits From It? and Lenovo, market HPC equipment and most
Basically, whether or not an enterprise needs public clouds offer HPC capabilities.
HPC systems is determined by the software it Although out-of-the-box HPC solutions are
plans to deploy and at what scale. Again, the available, most enterprises will be better served
current HPC revolution is being driven primarily to work with a vendor to build a system that’s
by data intensive AI/ML workloads, whether in customized to meet their needs.
4
 Everything As Code: What It Is and Why It’s Gaining Traction
Reducing tedious and repetitive work while minimizing human error? The latest approach to software development, delivery and management
promises just that.
By Christopher Tozzi

What is Everything As Code?

Everything as code (EaC) refers to the idea of
managing all aspects of software development,
delivery and management by defining and
codifying the infrastructure, schema and pipelines
used to create, maintain, iterate or expand app
development. In other words, when you take an
everything-as-code approach to development
and IT, you use policy files to govern the way
software is built, deployed, monitored and so
on. It’s a bit of a metaphor extension – applying
the application development approach to other
components of IT (including DevOps) to ensure
that best practices get defined and followed with
a minimum of effort.
If you’re a developer or IT engineer, it’s easy to do something or clicking the wrong button by Infrastructure as code, or IaC, is the most
to appreciate the value of EaC. EaC enables mistake. EaC makes auditing easier, too, because prominent example. IaC lets developers and
a highly repeatable and scalable approach to you can use your EaC configurations to determine IT Ops engineers write  files that define how
tasks (like provisioning infrastructure or managing what was done to your systems. servers should be set up. Then, IaC tools (like
application deployments) that would otherwise Terraform or AWS CloudFormation) apply those
have to be performed tediously and manually. How Long Has It Been Around? configurations automatically.
The everything as code approach also offers the At its core, EaC is not at all a new idea. It has GitOps, which has come into vogue in the past
benefit of reducing the risk of human error: When been around in certain isolated forms for a number couple of years, is another manifestation of EaC-
all of your workflows are defined as code, you no of years, and has become widely popular as a type thinking. GitOps centers around using Git
longer have to worry about an engineer forgetting solution for certain types of DevOps workflows. to manage IT operations.

itprotoday.com 5
 More generally, I’d argue that Kubernetes
basically boils down to an everything-as-code
platform because it lets teams use YAML or JSON
files to control almost all aspects of software
deployment and management. Indeed, although
the appeal of Kubernetes is rarely explained in
these terms, I sometimes think that the main
reason Kubernetes has become so popular
is because of the way it unifies all operations
around code.
Why Are People Paying Attention to
It Now?
Although, again, EaC is not a new practice, it
has picked up steam in the past year or two due
to the convergence of a few interrelated factors.
One is that more tool vendors are actively
embracing everything as code. They are taking
what you might call an EaC-first approach to tool
configuration and deployment by assuming that
developers and IT engineers want to manage
everything with code files.
Take Kubernetes, for example. You can manage
Kubernetes through a Web UI if you wish. But
it’s designed first and foremost to be managed
via code files. The same could be said (as other
examples) of most public cloud services or CI
servers: They have optional graphical frontends,
but they work best at scale when they are
managed via code.
The fact that many dev and admin tools
itprotoday.com
have settled on common configuration
formats has also helped drive the EaC trend.
Virtually all EaC-compatible tools use YAML
or JSON as their configuration language. The
standardization of configuration file formats
makes it easier for practitioners to use the
same language and the same methodology to
manage all of their tools.
Finally, the ability to build and manage entire
application delivery pipelines using EaC is
helping to drive EaC’s popularity. It was one
thing when you could use EaC to manage one
or two tools within your CI/CD workflow. But
when you can manage all of your tools through
code, EaC becomes exponentially more
valuable. It allows you to ditch other tools and
processes and standardize all operations around
a single approach.
Who Benefits From It?
EaC benefits developers and IT engineers
in equal measure by helping them to work
more efficiently. It also helps them scale their
operations by reusing the same configuration
files and tools across large-scale environments.
Other stakeholders benefit indirectly from
everything as code. Compliance officers will
appreciate the consistency and lower risk of
human error that EaC brings to IT environments
and processes. Security teams like EaC for
similar reasons. Even HR may see value in EaC
to the extent that it allows different employees
to apply the same tools and processes across
the IT estate, thereby reducing dependency on
key employees and the specialized knowledge
they offer. When you manage everything through
code, it’s less of a big deal if an employee who
managed a critical system decides to leave.
Where Can You Get It?
As noted above, a variety of tools now support
an EaC approach.
Tools like Amazon Macie, Google Cloud Data
Loss Prevention and Open Raven apply EaC to
data protection in the cloud by letting admins
write policy files that help find sensitive data and
restrict access to it.
Security vendors like Palo Alto are embracing
“Security as code,”  which is EaC applied
to security.
APM and monitoring tools like Datadog play
up “monitoring as code,” which is a form of
EaC. You could also interpret incident response
tools that use AI and predefined playbooks to
automatically remediate problems as an example
of EaC because they use policy files to automate
incident response.
In short, everything-as-code concepts seem to
be entering realms that extend far beyond EaC’s
original strong suits, like infrastructure provisioning.
That trend is likely to continue, and help define the
directions that DevOps takes in 2021.
6
 Collaborative File Sharing
and Management:
An Explainer
Prompted by the enterprise shift from the desktop to shared col-
laborative spaces, “files” are now getting a lot less individual, a lot
more collaborative.
By Lisa Schmeiser

What is Collaborative File Sharing and Management?

“Collaborative file sharing and management” (also described as shared
file creation and management) is another way of referring to files that
are hosted in a cloud and can be created, accessed and edited by more
than one person. The name is a bit of a misnomer, because while the
name “file” refers to the digital asset in question, the act of simultaneous
viewing and revising pushes this artifact well beyond the paper analogue
of a file. The technology is really more of a paradigm shift away from the
desktop-folders-files metaphor – where each item is fixed and person
– and toward a space in which people create and modify datasets in a
communal environment.

How Long Has It Been Around?

Google Docs made its debut in 2006 and the paradigm shift began
moving slowly then, starting in education circles at first (a lot of school
districts use Google apps) and then entering the enterprise as those
kids grew up and got jobs. By 2017, Nielsen’s decision to switch from
Microsoft’s suite of cloud-based office services to Google’s was driven
in large part by a younger workforce that was already familiar with the
applications and preferred to work with them. In 2018, different apps in
Microsoft Office started playing with the idea that it was ridiculous to
interrupt a communications flow in one app to switch to another in order
to complete a task and follow up on a conversation; Outlook users were
subsequently able to edit Excel files in a message instead of having to
switch from Outlook to Excel to manipulate the file and then mail back
the revised artifact.

itprotoday.com 7
 Why Are People Paying Attention to It Now?
2020 was a huge year for retraining thousands of people away from a
workplace computing experience based around siloed applications and files that
lived on a desktop and toward a daily working environment set in a collaborative
workspace like Slack, Teams or Zoom. This collaborative file sharing approach
is defined by real-time communication, file exchange and editing. This has
broken down the idea of a file being a static and discrete item where changes
are propagated by one author and documented via iterative versions.
As Forrester principal analyst Cheryl McKinnon has written, “Documents
can be assembled sets of objects, with context and meaning wrapped around
them (i.e., metadata). Or for truly cloud-native authoring tools, documents
are Blobs in a giant cloud database, never files at all.”
From the backend perspective, the blowup in document editing is all about
associating and retrieving dataset as needed. For the end user, collaborative
document editing has managed to retain some of the qualities of old-school
files – they’re persistent and stable artifacts that can be searched, shared
and stored – while also adding an element of dynamic, real-time modification
as people work together on them.
Who Benefits From It?
Enterprises that are continuing to use collaborative workspaces as their
primary hub for employee communication and coordination will benefit
when any of these cloud-based tools incorporate more collaborative
document editing and data analysis tools into the everyday flow. But the
real benefit may be for data professionals. One of the ongoing issues in the
enterprise is data discovery and indexing – knowing what data is generated
in the enterprise, where it lives and how to retrieve and manipulate it.
Collaborative file sharing and management provides more access to the
information. It’s not locked in an email thread, it’s not hiding in an obscure
folder structure in someone’s drive – it’s there to be searched and sorted
in a collaborative space.
itprotoday.com
Enterprises that are continuing to use
collaborative workspaces as their primary hub
for employee communication and coordination
will benefit when any of these cloud-based
tools incorporate more collaborative document
editing and data analysis tools into the
everyday flow.
Where Can You Get It?
Collaborative file sharing and management tools are offered by a number
of vendors. And tools to handle these chunks of information and their
attendant context will only grow in response to the workflows people have
fostered in these collaborative environments. This is already happening
in Microsoft Teams, as users are able to edit Office files in Teams. For
competitor Slack, the ability to edit files directly won’t be as straightforward
– the company doesn’t have a suite of data-crunching and word-processing
tools to easily integrate into its chatspace – but Slack does offer the ability
to have discussions attached to specific files uploaded into its workspace,
which is a way to capture collaborative communication and index it for
search and referral later. Being able to attach conversations to files is
another way to explode the silo’d, file-on-a-desktop model.
8
 What You Need To Know About Formative AI
Formative AI technologies like AI-augmented design and developement, adaptive machine learning and generative AI are growing in
prominence. Here’s why IT pros should pay attention.
By Terri Coles

What is Formative AI?

Formative AI is an umbrella term that refers to
artificial intelligence that changes dynamically
in response to a situational variance — as the
NYC Media Lab puts it, it’s “AI that ‘creates’
things.” There are multiple types of formative
AI. Generative AI is a type of formative AI that
creates new content or alters existing content
— for example, in deep fake images and videos.
And formative AI models can be designed to
evolve and adapt over time. The applications
of formative AI are as varied as synthetic data
generation to train machine learning models
and AI artwork or deep fakes made with
nefarious intent.
are just emerging but are already in use in some widespread possible enterprise applications.
How Long Has It Been Around? cases and predicted to be an emerging category Formative AI is a means by which the reams of
It’s hard to pin a date of birth on formative AI data that organizations are increasingly gathering,
to watch.
because it’s an umbrella term for a variety of generating and storing becomes more useful.
technologies, many of which are emerging and Gartner identified a few formative AI
Why Are People Paying Attention to
not yet fully established in the enterprise. technologies that enterprises should pay
Gartner identified several technologies under It Now? attention to, including AI-augmented design
the formative AI umbrella as set to become Gartner placed formative AI on its list of must- and development, adaptive machine learning
productive over the next two to ten years. Some watch technologies for its  2020 hype cycle and generative AI. These tools have potential
of those technologies, like augmented AI design, report, citing its potential for disruption and for efficiency, productivity, creativity, prediction

itprotoday.com 9
 and cost-reduction for businesses. Not every
technology is a fit for every business, however
— it’s a mistake to fall prey to the buzz and jump
on a tech without understanding how it makes
sense for operations.
Formative AI also has the potential to reduce
the costs of machine learning for enterprises,
making it extremely attractive to cost-conscious
IT pros.

Who Benefits From It?

The big winners could be budget-conscious,
data-processing businesses. Expect to see it
roll out across medical operations, predictive
professions and the enterprise departments
tasked with maintaining or improving
internal operations.
Adaptive machine learning could result in
better outcomes with fewer time and resources
— for example, diagnostics that combine
machine learning with expert knowledge and
are more accessible than ever before as powerful
computers become less expensive.
Or generative AI can play a role when the
needed data for good predictions or analysis isn’t
available by generating data to meet particular
conditions. This generated data can be used to
train learning models, for example, or to avoid
issues of privacy (as with medical or financial
data).
It can also be used to create data that is more
accurate or more free of bias, improving learning
models and algorithms.
AI-augmented development also has the
potential to help organizations overcome staffing
and training concerns that stymie AI adoption or
scaling. With artificial intelligence available to
assist designers and developers, errors can be
spotted more effectively and simple programming
can be automated.
Where Can You Get It?
There are applications on the market now
that fit under the formative AI umbrella — for
example,  Kite’s AI code completion software
or  Atomwise’s use of AI in drug discovery.
Generative AI in the form of deep fakes has
already been put to use in the  entertainment
industry  and as  art or educational projects.
Augmented AI design is already at play
in CX products but is a category with
wide-ranging potential.
Other tech in the category remains in
the R&D or early development stages, like
self-supervised AI.

itprotoday.com 10
 Workplace Analytics: Breaking Down the Growing Trend
Enterprises are being asked to help employers meet their biggest challenge: maintaining productivity across their teams. One way to
accomplish this is via workplace analytics. We examine this growing trend.
By Richard Hay

What Is Workplace Analytics?

There is one big Software as a Service (SaaS)
company  deeply engaged with workplace
analytics – Microsoft. But you’ll find this trend
popping up elsewhere as well.
According to Microsoft documentation,
“workplace analytics uses data from everyday
work in Office 365 to identify collaboration
patterns that impact productivity, workforce
effectiveness and employee engagement.”
In other words, as employees answer emails,
work their daily schedule of meetings, etc.,
general data is collected through the Microsoft
Graph. This data is then collated for managers to
get an overall sense of how their team is engaged. Establishing standards for what data is Analytics service back in July 2017 as an add-on
The data is generalized and not attributable to a collected and now presenting it to those to all Office 365 enterprise subscription plans.
specific employee but provides an overall view reviewing it is critically important with a new Since then, they have continued to refine the
of the managers entire team. technology like workplace analytics. It will also data and its display for managers, including using
Although they were not visible to managers go a long way in reassuring employees that the the service to analyze their own teams. Recent
previously, the company has removed usernames data is truly anonymous and will not be used to additions announced at Microsoft Ignite
from what is collected. In addition, they have establish performance norms. 2020 focused on employee wellbeing during the
updated their workplace analytics dashboard time of the COVID-19 pandemic and its related
to better communicate the general nature of How Long Has It Been Around? lockdowns and remote work environments.
the data. Microsoft launched their official Workplace Microsoft’s chief people officer, Kathleen Hogan,

itprotoday.com 11
 stated that the service has provided actionable
insights for the company’s HR Business unit.
“Our HR Business Insights group is using
Workplace Analytics across a variety of
initiatives—from understanding the behaviors
driving increased employee engagement,
to identifying the qualities of top-performing
managers who are leading Microsoft’s cultural
transformation from within. We believe people
analytics is a competitive necessity for any HR
team.” Hogan said.
Why Are People Paying Attention to
It Now?
The global COVID-19 pandemic suddenly
forced organizations to have most of their
employees’ home and so the daily interaction that
normally occurs through an office environment
was suddenly no longer happening.
Interactions shifted from face-to-face
meetings, standups and presentations to
everyone sitting in front of computer screens
and using tools like Microsoft Teams, Google
Workspace  and  Zoom  to accomplish work-
related tasks. Managers and executives
still want and need some way to assess
employee productivity and identify trends in
the workplace, such as increased meeting
frequency or reduced person-to-person
communication. Workplace data analytics let
managers see which tools are being utilized or
itprotoday.com
Managers and executives still want and need some ways
to assess emplyee productivity and identify trends in the
workplace, such as increased meeting frequency or reduced
person-to-person communication.
under-utilized, which behaviors are flourishing Where Can You Get It?
in a team and which behaviors could use Microsoft Workplace Analytics is available as
more encouragement. an add-on for companies subscribed to Office
365/Microsoft 365 that also have an Enterprise
Who Benefits From It? Agreement in place with Microsoft. In addition,
Workplace analytics can fill in some of the the subscription must include Exchange Online
gaps by providing managers insight into the Plan 1 or Exchange Online Plan 2.
productivity of their team. Using this data, as There are also Workplace Analytics limitations
well as new approaches, policies and/or team depending on the type of customer:
discussions, they can then review the general Government Community Cloud is not supported
productivity of the team and what might be Education only allows analysis of faculty and
hindering or elevating it. not students
David Merry, CEO of Coin Journal, uses Commercial customers can add this for
workplace analytics to improve his team’s enrollments in a tenant
productivity, effectiveness and engagement. Analysis of Firstline Workers is not available
“Managers should be using workplace analytics There are third-party offerings for services
to accomplish three key items,” he said. “First, labelled as workforce analytics, but these tend to
they should be forming productivity strategies focus on areas such as HR, payroll and benefits.
to monitor for meeting fatigue. Second, work on Expect other major players in productivity
employee engagement by seeing what time of software such as Google Workspace and
day they are most productive. Finally, redistribute Slack to begin establishing their own version
workloads if the data shows one department of workplace analytics to enhance their own
carrying the larger share of work-related tasks.” competing services.
12
 Why You Should Pay Attention to Container-Native Storage
The use of containers is exploding in every vertical, making container-native storage a much-buzzed-about trend in enterprise IT. Here’s what you
need to know.
By Karen D. Schwartz

What Is Container-Native Storage?

Container-native storage (also called
persistent storage for container-based
workloads) is a software-based approach to
maintaining storage within containers even after
those containers are destroyed. Because the
storage runs on standard server nodes that
support Kubernetes and other orchestration
platforms, it ensures that the data associated
with the application remains intact on each
node of a cluster.
Think of container-native storage as “HCI
for containers,” suggests Eric Slack, a senior
analyst at Evaluator Group. Like HCI, it provides a
comprehensive, scale-out, standardized compute
environment that can simplify deployment
and operational tasks for IT.
The use of containers is exploding in every container storage. SAN and NAS solutions tend to for example, but run into problems with speed
vertical. According to IDC, the installed base of be difficult to scale, expensive and cumbersome and dynamic provisioning. Other challenges
container instances will grow at about a 62% for agile development environments. The with these approaches include portability and
CAGR from 2019 to 2023. While it’s possible direct-attached approach can be complicated consistency; containers are built with portability
to use other types of storage for container to manage and relies on manual processes in mind.
workloads, such as direct-attached storage, to add storage as containers scale. It’s also At a basic level, the software-defined layer
network-attached storage or SANs, these possible to use a container storage interface virtualizes the physical storage on each node
methods are not well-suited to the nature of (CSI) to connect storage arrays to Kubernetes, to create a storage pool, which can be used

itprotoday.com 13
 by the containers also running on the cluster,
Slack explained. This creates a scalable compute
infrastructure that can run in the public cloud,
allowing groups of containers to be transferred
between on-premise clusters and those running
in public clouds.
How Long Has It Been Around?
When  Docker  first started making waves
in about 2013, nobody thought much about
persistent storage since most applications
were stateless. Over the next several years, as
others jumped into the container world, the need
for persistent storage designed for containers
became evident. By around 2016, companies
like Portworx (now part of Pure Storage) had
jumped on board.
Why Are People Paying Attention to
It Now?
The need for container-native storage is
directly related to the staggering growth in
container-based workloads; not only for testing
and development, but also into production
environments. As that happens, more IT
professionals are experiencing challenges
providing persistent storage for those
containers. According to a survey from ESG,
more than one-third of organizations cited
storage performance as one of the biggest
challenges in delivering persistent storage for
itprotoday.com
More IT professionals are Where Can You Get It?
experiencing challenges • Datacore
• Dell/EMC
providing persistent storage • Diamanti
for those containers. • HPE
• MayaData
• Microsoft
containers. “We found that people are twice • Pure Storage/Portworx
as likely to experience poor performance in • Red Hat
container-based workloads,” noted ESG senior • Robin.io
analyst Scott Sinclair. The same survey pointed • StorageOS
to other challenges with storage for containers, • VMWare
including speed of provisioning and managing • Microsoft
container storage across hybrid and multi- • Open source options, including Rook,
cloud environments. Container-native storage Ceph, Longhorn and OpenEBS.
addresses these issues head-on.
Who Benefits From It?
Storage and virtual machine administrators
save time and effort with this technology.
Instead of submitting a ticket to the IT
organization for more storage for an app, which
requires administrators to size the storage and
spin it up, container-native storage allows users
to provision their own storage. “If you have
1,000 microservices, each could automatically
request storage,” Sinclair explained. “Without
this in place, administrators have a lot of extra
work to do, and developers have to rework
their code.”
14
 An Overview of the
Serverless Computing
Architecture Trend
Why run an always-on server in the cloud when you can precisely
run just one function when it´s needed? That’s the promise of
serverless computing architecture.
By Sean Michael Kerner

What is Serverless Computing?

The original promise of cloud computing was the ability to have elastic
resources that scaled up and down as needed, and users only paid for what
they used. It’s a promise that serverless computing actually delivers upon.
The first generation of cloud computing was about virtual machine compute
instances that mimicked the operations of physical servers. Those compute
instances can scale up or down, but are always running.
With serverless computing architecture, sometimes as referred to as
Functions-as-a-Service (FaaS), a simple function is executed to achieve
a given task based on an event trigger. As such, instead of having a long
running server instance that is always consuming resources and costing
an organization money, serverless only runs when needed.
In contrast to either a virtual machine compute or even a container model
for cloud computing, serverless computing is truly a consumption-based
elastic service. Serverless computing functions only run when triggered release in 2014.  Tim Wagner, who is currently the CEO of serverless cloud
and users only pay for precisely what they use. By definition, serverless vendor Vendia, is credited as being the founder of Lambda while he was
computing architecture is about not running a server, virtual or otherwise, working at AWS.
to execute a function as part of a modern application stack. “Serverless has always had great fundamentals: it’s simpler, cheaper,
The modern concept of serverless cloud computing was pioneered by and faster,” Wagner said.
Amazon Web Services (AWS) and its Lambda service which had its initial Wagner explained that serverless computing is simpler, because it

itprotoday.com 15
 removes much of the burden of writing software – some of the hardest
parts, such as fault tolerance, scalability and security – are built in versus
do-it-yourself projects.
“It’s cheaper, because you only pay for what you use – like renting a hotel
room for a weekend trip versus signing a year-long lease on an apartment
you might not need all the time,” Wagner said.
Why Are People Paying Attention to Serverless Now?
The use case for serverless computing architecture has expanded
significantly since 2014 as capabilities have grown and multiple vendors
and services have entered the landscape.
“Serverless computing has matured from a special purpose tool with limited
capabilities into the realm of general-purpose application building,” Wagner
said. “AWS and Google in particular have been improving and expanding
serverless technologies to include compute, file storage, APIs, databases
and AI/ML – virtually anything you want to do in the cloud.”
Serverless computing architecture is also increasingly popular as
organizations go through digital transformation processes to adapt their
businesses to the demands of the modern consumer.
Tyler McMullen, CTO of edge cloud platform provider Fastly, says that
while organization go through the digital transformation process, they begin
to decouple and decompose their architectures, from large monolithic
applications to many smaller units of computation with single purpose and
greater portability.
“Serverless architectures allow these enterprises to move fast and focus
more time on their end-user, all while having more fine-grained control over
where and when their computation runs – be that the edge or the central
cloud,” McMullen said. “With more control, comes greater flexibility and
the ability to adapt to change. This coupled with the cost benefits means
it’s a win/win situation.”
itprotoday.com
Serverless computing architecture is also
increasingly popular as organizations go
through digital transformation processes to
adapt their businesses to the demands of the
modern consumer.
Who Benefits From Serverless Computing?
Serverless has the potential to benefit a variety of different types of
organizations. According to Mark Hinkle, CEO of serverless integration
platform vendor TriggerMesh, the biggest winners so far have been web-
scale IT companies who have been able to scale their businesses in a very
capital-efficient way.
“Other companies are also seeing benefits as they are launching new
projects on Lambda or migrating workloads from aging iron to cloud
services,” Hinkle said. “I’d say mobile and web developers are seeing the
biggest benefits as they deploy serverless on the edge.”
Fastly’s McMullen noted that the benefits of serverless computing
architectures go beyond just developers. McMullen said that architects
don’t have to worry about vendor lock-in with any one provider, they can
pick-and-choose serverless components from an array of different providers
to compose their workflows. He added that with serverless computing, chief
financial officers are happy that less of their CapEx budget is spent on
underutilized infrastructure and they have more money to invest in growth.
Wagner emphasized that serverless computing architecture is not solely
the province of the largest, most technically sophisticated companies.
“Small and medium businesses and late cloud adopters actually benefit
16
 dramatically and make up a large segment of the buyers,” Wagner said.
“These companies feel the same pressure to move systems and processes Cloud Vendor Serverless Services
to the cloud, but they’re looking for the easiest, most cost-effective path
• AWS Lambda
to get there. “
• Cloudflare Workers
• Fastly COMPUTE@EDGE
Where Can You Get Serverless Computing?
• Google Cloud Functions          
While serverless cloud computing began with AWS Lambda, serverless
• IBM Cloud Functions  
services are now available on all the major public cloud providers including
• Oracle Functions
Google Cloud Platform, Microsoft Azure, IBM Cloud, Oracle, Cloudflare
and Fastly. Third-Party Serverless
Beyond just serverless services on cloud platforms are third party vendor
tools and frameworks that provides additional capabilities including best
Cloud Services
• Stackery          
practices, multi-cloud and hybrid cloud capabilities. Among the vendors
• Triggermesh    
in this category are Triggermesh, Stackery and Vendia.
• Vendia

itprotoday.com 17
 Managed Detection and Response, Explained
The growing threat landscape and skills shortage has led to the rise of managed detection and response (MDR). But how much of it is just hype?
Here’s what you need to know about MDR.
By Karen D. Schwartz

What Is Managed Detection

and Response?
Managed detection and response (MDR) is a
service-based approach to threat monitoring,
hunting, detection, incident analysis and response.
Often, MDR acts as an extension of an organization’s
security operations team. MDR services collect logs,
telemetry and metrics, and then use automated logic
to elevate the logs that could indicate a threat. This
logic consists of both “IF this THEN alert” type of
logic, as well as advanced algorithms that can learn
and adapt to their dataset, like machine learning.
An analyst then confirms the activity or feeds it
back into the detection logic as a false positive.
Confirmed threats are acted upon within seconds to missing. Other MDR providers come with their Combs, managed detection and response
minutes to contain the threat and begin the incident own technology, requiring customers to install partner at consulting firm Crowe LLP, is to use
response process. agents that feed security data into the MDR whatever combination of technologies, tools
MDR providers tend to be flexible about provider’s detection and response platform. Most and people will best improve visibility as well as
what tools they provide. If a company already providers offer some level of custom software to streamline investigations and incident response.
has invested in  Endpoint Detection and help with the communications and reporting of “Detecting and responding to threats requires
Response (EDR) technology, a SIEM or SOAR, their services during the engagement. Depending specialized knowledge not only in security, but in
or a network detection and response solution, it’s on the breadth of the offering, some MDR system administration and data management,”
reasonable to ask the MDR provider if they can providers also will provide vulnerability scanning said Combs. “Organizations are finding they can
use that existing investment and add only what’s and management solutions. The key, says Glen more cost-effectively and with greater confidence

itprotoday.com 18
 outsource this function rather than attempt to
build it in-house.”
How Long Has It Been Around?
In general, the concept of managed detection
and response has been around for more than
decade, but has built up significant momentum
in the past year or two as threat levels expand,
IT security professionals are scarce and attacks
become more sophisticated.
(That’s a difficult question to answer more
precisely. Some say early EDR providers came up
with the idea, based on the premise that technology
and humans are the best combination for fighting
threats. Others say it’s an outgrowth of incident
response services. Still, others say it was first offered
by managed security services providers (MSSP).)
Why Are People Paying Attention to
It Now?
The number of companies relying on managed
detection and response services is growing.
According to ESG, 35% of companies currently
use an MDR service, while 38% are actively
pursuing one.
There are several reasons for that growth in
MDR service use. The  threat landscape  has
expanded significantly, taking advantage of
the growing attack surface that now includes
more devices, infrastructure living on multiple
clouds and employees working from home on
itprotoday.com
Some say early EDR providers
came up with the idea,
based on the premise that
technology and humans are
the best combination for
fighting threats.
unmanaged devices. Forrester security analyst
Jeff Pollard noted that one FinTech company
he spoke with recently said it had experienced
a 300% increase in attacks against their
organization since March of 2020.
In addition, the types of threats and attacks are
more varied as adversaries get more sophisticated.
Finally, there are relatively few cybersecurity analysts
available, thanks to a skills shortage. According to
a survey from (ISC)2, the cybersecurity workforce
has a skills shortfall of more than three million.
These factors also have led organizations to realize
that automated defenses alone simply aren’t good
enough. “While automated defenses have reach
very high efficacy levels, there continue to be a small
percentage of attacks that evade these controls,”
said Dave Gruber, a senior cybersecurity industry
analyst at ESG. “These attacks are often related
to software or configuration vulnerabilities, and in
some cases, rogue systems that lack core security
controls. These scenarios enable attackers to
compromise infrastructure, requiring detection and
response to stop attacks before they do damage.”
Who Benefits From It?
When a cyberthreat is stopped, everybody
wins. More specifically, security and risk teams
win, because they have fewer successful attacks
to deal with and can better manage risk. The IT
staff wins because they have less technology
to support, and the C-suite often wins when
the services-based approach ends up costing
less than supporting technology and managing
threats internally. It’s not uncommon for MDR
providers to claim that customers’ annual security
costs can be reduced by 50% with this approach.
Where Can You Get It?
Pureplay managed detection and response
providers include:
• Crowdstrike
• Carbon Black
• Cybereason
• Cynet
• F-Secure
• Sentinel One
• Alert Logic
• RedCanary
• eSentire
Managed Security Service Providers offering
MDR include SecureWorks and Trustwave.
19
 What Is Microsoft Azure Arc?
Here’s what you need to know about Microsoft Azure Arc, an emerging cloud solution that competes with AWS Outposts and Google Anthos.
By Christopher Tozzi

What is Azure Arc?

What is Microsoft Azure Arc, you ask? Azure
Arc is an emerging hybrid cloud solution that lets
users provision and manage virtually any server
or database – whether it’s a legacy Linux server
running on-premises, a database hosted in the
Microsoft Azure cloud or even a Windows virtual
machine running in a competing public cloud,
like AWS – using the Azure cloud’s native tooling.
Microsoft Azure Arc does this by extending the
central control plane that manages resources
on Azure cloud – known as the Microsoft Azure
Fabric Controller – to support resources that
are hosted in other locations. To use Azure Arc,
you simply deploy an agent on whichever virtual
server or database you want to manage through
Source: Microsoft
the platform. You can then use Azure-based
services like Azure Monitor, Azure Security Center At the time, Arc was not yet generally available. date about when to expect those other services
and Azure Automation to control the resource. Microsoft spent the following year gradually to reach general availability.
unveiling more details about the platform. Even before the Ignite 2020 announcement of
How Long Has It Been Around? At Ignite 2020, in November, Microsoft
general availability for Azure Arc servers, Microsoft
Microsoft CEO Satya Nadella  announced announced general availability of Azure Arc for
was already publishing case studies that detail
Azure Arc during his keynote at the Microsoft managing Windows and Linux servers. Other
Ignite event in November 2019. The company facets of the platform, including those related to how companies like Ferguson and Fujitsu are
also  demonstrated the platform in action  at hybrid database management, remain in public using Arc – so it’s clear that the platform has
the show. preview mode. Microsoft has offered little clue to already entered the wild.

itprotoday.com 20
 Why Are People Paying Attention to
It Now?
As it heads toward full general availability,
Microsoft Azure Arc is making headlines primarily
because of the way it differs from other hybrid
cloud frameworks, which offer less flexibility
when it comes to how workloads are deployed
and managed.
For example, whereas Azure Stack, a hybrid
cloud framework that Microsoft introduced
in 2017, requires users to run their hybrid
workloads on Azure Stack-certified hardware
and deploy workloads using native Azure
services (like Azure Virtual Machines), Azure
Arc works with any type of hardware. It can
also register and manage workloads that are
hosted using an external service, even if the
service runs on a public cloud that competes
with Azure.
These differences also distinguish Microsoft
Azure Arc from AWS Outposts, the hybrid
cloud offering from Amazon. Outposts also
requires specific hardware, and is compatible
only with workloads hosted on AWS’s own
cloud services.
The existing cloud offering that is most similar
to Microsoft Azure Arc is Google Anthos, which
lets users deploy and manage workloads running
on any private data center or public cloud (not
just Google’s). However, the main difference
between Azure Arc and Anthos is that Anthos
itprotoday.com
Azure Arc can improve security operations by allowing teams to
use Azure Security Center to audit the security configurations
of workloads and identify vulnerabilities, whether or not the
workloads are hosted on Azure itself.
is designed primarily for deploying workloads and databases that are spread across
that run as containers and can be managed multiple locations.
using Kubernetes. Azure Arc can improve security operations,
Azure Arc can also manage Kubernetes too, by allowing teams to use Azure Security
clusters, but it is not as Kubernetes-centric as Center to audit the security configurations
Anthos. In addition to supporting containerized of workloads and identify vulnerabilities,
workloads, Azure Arc offers full support for whether or not the workloads are hosted on
conventional virtual machines. That feature Azure itself.
gives Azure Arc a leg up in the competition for
customers who want to move to a hybrid cloud Where Can You Get It?
architecture, but aren’t ready to convert all of To get started with Azure Arc, you need an
their applications to run inside containers. account on the Azure cloud. Once logged
in, you can register the external resources
Who Benefits From It? that you want to manage through Azure Arc.
Azure Arc can simplify a broad set of IT Azure will then generate installation scripts,
workflows. By allowing resources outside of the which you run on the objects you want to
Azure cloud to be provisioned using Azure tooling, register in order to install the Azure Arc agent
Arc makes it easier to set up heterogeneous on them and allow the Azure Fabric Controller
infrastructure that spans multiple data centers to manage them.
or cloud environments. Just keep in mind that, as noted above, some
Likewise, Arc simplifies workload monitoring of Azure Arc’s features are still in public preview
because it provides a central tool – Azure mode, which means Microsoft does not yet deem
Monitoring – for monitoring servers, applications them fit for production use.
21