EMC Lays Out The Future Of Storage

EMC invited members of the press and analyst community to its Executive Briefing Center, at Santa Clara, Calif., where some of its top executives discussed a number of areas in which the company is focusing much of its huge R&D budget, which amounts to over 10 percent of its annual revenue.

Areas covered include digital home and small business storage, anti-fraud research, and content management and archiving.

Starting the event was Jonathan Huberman, president of EMC's Consumer and Small Business Products Division, a new division of the company based primarily around EMC's acquisition early this year of Iomega.

Huberman, who prior to the acquisition was Iomega's CEO, said EMC acquired his company because of the fact that, according to analysts like IDC, about 70 percent of all data will be created by individuals by 2011, and that by integrating Iomega's small business and consumer hardware products with EMC's Retrospect backup software and Mozy on-line storage service it could better serve that market.

Huberman said that EMC has a lot to learn in terms of innovation and how it applies to the consumer and small business market. For instance, he said, the typical customer has five basic needs -- ease of use, reliability, good design, functionality and price. Of price, he said, "That's a given."

An important trend when dealing with consumers is the importance of making products available as quickly as possible. "Time-to-market is critical, especially on the consumer side," he said. "The right decision for six months later is the wrong decision for today."

Iomega brings EMC over 60 engineers, compared to the typical small business storage device company which has only a handful, Huberman said. As a result, the company has so far in 2008 introduced over 15 new products, not including new versions of existing products with new capacity points, he said.

For instance, the company recently introduced the eGo Helium, a lightweight external hard drive which has the same look and feel as the Macintosh Air notebook PC to which it can be attached. "We got more press for this than EMC gets from any of their products," Huberman said.

EMC is keeping the Iomega brand, in part because it is the number two storage brand in Europe, thanks to its retail distribution channel, Huberman said. In the U.S., the name is less well-known because it is not as widely distributed in retailers. "We're working on increasing distribution in companies like Costco and Best Buy," he said.

EMC is preparing to launch a program to help retailers sell the benefits of networking storage to customers, and is talking to telcos, cable companies, and satellite companies to develop services based on its products, Huberman said. "We can have cable folks say, 'We can help you back up your data, and offer other services,'" he said.

Next up was George Lotridge, vice president of advanced development in the office of the CTO for EMC.

The CTO office of a company has to be constantly looking ahead at the future, and Lotridge said that his office is seeing certain changes that are impacting how EMC innovates in the future.

These changes include increasing globalization, which means a company has to take into account not just who a customer is, but where he or she is, Lotridge said. Also, the shift towards services means that information has now become a prime asset.

All this means a company not only must innovate at the product level, but also at the business and product innovation levels, Lotridge said. "Change is the new stability," he said.

EMC's CTO office is also seeing that certain social forces are driving change, such as the globalization of business and the decomposition of traditional monolithic enterprises into smaller parts that can be more easily managed.

Also driving change is an inundation of technology and new media, which makes it hard to find specific information out of all the information that is available, as well as mobility, which means customers can do the same amount of work whether they are at the office or at the beach. "The work follows you," he said.

Technology is also driving change, Lotridge said. He cited virtualization and software-as-a-service, high-speed ubiquitous networking, service-oriented architectures, grid and cloud computing, and the need for security as important technological drivers.

As a result of all these forces, the mission of the CTO office at EMC has become one of helping define and steer long-term technology strategy for the company, translate technology into things businesses can use and understand, and drive integration into new core products so that they can work together without the customer even thinking about it, he said.

With traditional businesses, there is an innovation gap between an idea and deployment of the idea, especially between business units, Lotridge said. The CTO office drives innovation to fill that gap and drive integration between business units. "My group explores technology to see what it means to EMC," he said. "It may not be something that becomes a product."

Some of the technologies EMC is currently exploring include using Web 2.0 social networking tools on top of existing infrastructures to improve total customer experience, exploring and prototyping a cloud computing infrastructure, automating the means of validating configurations against business continuity service level requirements, providing a service for use in applications which need to keep data on the lineage of information, and developing mobile virtual PC computing using USB, VMware, and RSA components, he said.

Uri Rivner, head of the new technologies, consumer, identity, and verification group at EMC's RSA business, introduced how computer fraud has developed into a sophisticated if illegal business, and how individuals in the fraud underground are now developing FaaS, or "fraud-as-a-service," to make it easier for criminals to discover and use personally-identifiable information.

Currently, there are two groups collaborating with each other in what Rivner called the "fraud supply chain."

The first group is the harvesting fraudsters, who collect bank customer data, credit card information, and other personal data using such techniques as phishing, malware, and trojans, and then use bot networks to store that data, Rivner said.

The second is the cash-out fraudsters who use information from the harvesting fraudsters, he said. They get that information by using "mules," which are go-between people who often don't know that they are involved in fraud, or by drop-boxes where the data is sent. "They know how to get the money from the victim," he said.

These two groups are really two separate "career tracks" in the fraud business, and typically only know each other indirectly through their reputations, Rivner said. They typically communicate through IRC rooms which serve as a marketplace where they can do business with each other and offer praise or criticism of partners, or fraud forums which offer tutorials, certify certain fraudsters as reliable partners, and even offer escrow services for illicit information, he said.

The harvester frauds are getting more and more active, Rivner said. For instance, phishing attacks, which once were focused on imitating bank Web site to gather information, now use social networking services such as Skype, the Apple Store, and even World of Warcraft to gain personal data which can be used to steal something which can be sold. With World of Warcraft, for instance, phishing attacks are used to gain control of high-level player characters which can then be sold for $300 or more, he said.

Tools for other types of fraud, such as malware, are also becoming very affordable, Rivner said. For instance, the malware tool Limbo, which cost a potential hacker $5,000 two years ago, is now available for about $350, he said. Limbo allows fraudsters to run a small self-destructing application which grabs the image of a Web site a victim uses such as a bank. The next time the user enters that site, it asks for the user's ATM number and PIN number before connecting the user to the bank. Many users will provide the data because it looks like the request is coming from the bank, he said.

Pricing for other tools is also falling, Rivner said. For instance, the Mpack infection kit now costs only $700, while the Dream BotBuilder costs $500. Fraudsters and hackers will sell updates and patches to their trojans, he said.

With the propagation of these tools comes a new business model wherein harvester fraudsters no longer need to get directly involved in gathering personal data, Rivner said. It is now possible to contract with businesses who do the harvesting of data to order for a set fee of maybe $299 per month, he said.

The end result is it is possible for more people to start their own harvesting business by using fraud-as-a-service providers, Rivner said. "I'm scared," he said. "It means anybody can do it."

Ever since EMC acquired Documentum and its content management technology, EMC has been able to focus its innovation as much on managing information as it does on storing it, said Mark Lewis, president of the vendor's Content Management and Archiving Division.

"It's a very selfish thing for EMC," Lewis said. "At EMC, we're all about selling storage components. Why do people store information? They believe it has some value to them now or in the future."

Customers continue to store more and more information, a trend Lewis said is good for his business as long as they believe that information has value. "And we're going to help customers get value from that information," he said.

Business data, most of which is unstructured, is experiencing a ten-fold growth every five years, Lewis said. One photo, he said, is equivalent to about one year's worth of email. However, he said, that data comes with a Catch 22: the value of that data comes from making it available on-line, but putting it on-line also puts it at risk.

Meanwhile, the way companies innovate is changing as they increasingly embrace collaboration, Lewis said. This includes internal collaboration on R&D, as well as more open innovation by collaborating with suppliers, research partners, and academic partners.

It also includes what Lewis called "mass innovation," which is where a company works with customer networks. He cited as examples Dell's Idea Storm and the move by Intuit to get customers involved with technical support to the point where about 40 percent of technical issues are answered by them.

Technology shifts are also changing how companies innovate, Lewis said. Some of the key shifts happening include the adoption of Web 2.0 in the enterprise, the adoption of the semantic Web, the use of XML to add structure to unstructured information, virtualization of hardware and many software layers, and software-as-a-service, or SaaS.

At the same time, customers' needs are changing, Lewis said. They are now just as likely to be working from their backyards or from a hotel in Japan as they are from their office. And the way they access data is diversifying. Young people today are likely to use social networking and texting and not have email accounts, he said. At the same time, IT users' business and social personas are starting to completely merge.

"People will work and collaborate how they want to, not how we tell them...We create more problems by not understanding the ramifications of what is happening," he said.

EMC is looking to solve IT problems and provide a structure for getting value from information in the face of these changes with what Lewis called the "four Cs."

The first is convergence, such as the convergence of unstructured content and structured data, or paper and digital or information and processes. The company took one step in that direction with the recent release of Documentum 6.5, which includes common repositories for a wide variety of data, Lewis said.

The second is context, or the ability to provide the right information at the right time to the right space. This includes enterprise-specific search which, unlike Google search, has an important security element.

The third is collaboration, including the adoption of tools such as instant messaging and blogging to make it easy for people to work within a company while protecting proprietary information.

The fourth is compliance, with a focus on how to use XML to make sure that archived information is not only protected, but also remains available even as the applications and hardware on which it was created become obsolete in the future.