How Partners Make Money with Cisco Customer Experience (CX)

With the advent of SaaS and cloud business models, customers expect a shorter time between when they buy something and when they attain value from their purchase. These days, partners can’t sell something, install it, support it, and expect their customers will satisfactorily consume and receive available value from what was bought.

Partners need to enable customers with a customer success strategy that helps ensure they will derive maximum value and ROI from their purchases — but this can be challenging. As an example, newly purchased business-critical technologies can be complex to implement and deploy. As another example, in the absence of usage data, it’s often difficult for customers to know their level of consumption for purchased products, which can make renewal discussions troublesome.

The Cisco Customer Experience (CX) team has an answer, helping Cisco partners transform from a traditional product resell business model to a value-added lifecycle growth model and helping them to help their customers extract the most value from their investments.

To be clear, many Cisco partners have built very successful businesses selling their professional services along with reselling Cisco offerings. That said, although this approach has yielded considerable success in the past, going forward it is not well differentiated, because many partners can essentially replicate this formula. The result is a diluted value proposition, reduced margins, and — quite frankly — a future struggle for survival.

So, to help partners create new sources of value and enable expanded growth, while helping ensure that customers have an optimal experience, Cisco offers the CX Success Portfolio. The Cisco CX Success Portfolio consists of three fundamental elements:

◉ A simplified Cisco portfolio of products and services that makes it easier for buyers to buy and partners to bundle in their own value-add services.

◉ Insights and analytics based on usage and telemetry data generated from the Cisco portfolio, spotlighting customer consumption of the overall product and specific features and enabling ongoing partner-to-customer discussions to help deliver customer satisfaction and identify partner upsell opportunities.

◉ A lifecycle selling framework, which helps guide the selling motion to where there are opportunities to grow revenues.

A simplified Cisco portfolio

Previously, Cisco services were sold as product attach during the initial sale and then hopefully again at renewal. The result was a complicated portfolio of product and service offerings not aligned to the customer lifecycle. In the future, the new CX portfolio will have a simplified, agile, and innovative services portfolio with flexible options to meet your customer’s business requirements. We are developing a new suite of solution capabilities comprised of four primary focus areas:

1. Expert Resources
2. Trusted Support
3. Insights and Analytics
4. Contextual Learning

We are evolving our portfolio with new Expert Resources; designed a more tailored approach to hardware and software with Trusted Support; added Insights and Analytics features; and added Contextual Learning to create an optimal experience in every step of your customer’s lifecycle journey. We will offer graduated service levels that build upon each other as they increase — with everything from self-help tools to working beside them to show, guide, and jointly team to deliver the right level of support to meet specific needs or directly execute successful outcomes.

Your customer can choose the right level of support, expert guidance and insights that aligns with their budget, resources and IT environment, to resolve issues quickly and realize value faster at all levels of their lifecycle.

Additionally, this simplified portfolio makes it easier for partners to bundle in their own value-added implementation, deployment and ongoing management services. As an example, a partner can bundle in accelerators, such as one-on-one workshops, which provide deeper education on how to deploy a purchased technology.

Insights and analytics

In addition, the Cisco portfolio now provides usage and telemetry data, offering partners insights into how much their customers are utilizing the products they’ve purchased. This data becomes a critical tool to help partners engage with customers, ultimately with the goal to increase usage and satisfaction with purchases, which can lead to increased renewals. This data also gives partners a lens into opportunities on how best to position their services en route to upselling additional services.

Lifecycle Services Framework

Ultimately, Cisco’s simplified portfolio, along with insights and analytics, provide the foundation for partners to align their services around the Cisco CX Lifecycle framework racetrack, as shown in Figure 1.

Figure 1: The customer lifecycle

Partners can utilize this framework to align capabilities in their organization to deliver enhanced customer experiences in areas such as customer and user onboarding, implementation, adoption, expansion, training, customer success help desks, and traditional technical support. Likewise, partner CX capabilities need to meet customer expectations around regular reviews of product utilization and outcomes delivered, help with renewals and future planning, and provide timely updates on new features and offers.

The breadth and depth of partner lifecycle services, offered in concert with their industry and domain expertise, can create strong differentiators and help fuel future growth in four major areas:

◉ Increase deal sizes at purchase, because partners are better positioned to achieve a higher attach of Cisco CX offers and sell at a higher price point as a part of the bundled offer.

◉ Increase bookings, because more partner value-added services can be sold along with Cisco Simplified Portfolio offers. Partners will have opportunities to better differentiate themselves by offering accelerators for deployment and adoption of technologies.

◉ Increase renewal rates through insights and analytics, facilitating partner investments in their customers’ success as they work with customers around increasing adoption and renewal activities.

◉ Increase upsell pull-through, as partners utilize insights and analytics to identify additional upsell opportunities for Cisco product portfolio.

According to Cisco’s own research, by adopting the lifecycle selling framework, as shown in Figure 2, partners on average can expect to see a 1.15X increase in deal size, a 20 percent point increase in partner service pull-through, a 10 percent increase in renewal rates, and a 5 percent higher pull-through. Ultimately, this leads to increased partner revenues.

Figure 2: Partners can grow profitability with the CX lifecycle

How much additional revenue? Ultimately through the Cisco CX Success Portfolio and adopting the lifecycle selling framework, Cisco has discovered that over a five-year period partners on average can see a 2X increase in revenue, as shown in Figure 3.

Figure 3: Increased partner revenue through lifecycle selling

Survive and thrive

Essentially, Cisco CX is here to help partners not only survive by further differentiating their offers from traditional box reselling, but also thrive through increases in revenue over the lifetime of each deal.

In fact, this is the path Cisco took. In the last few years, Cisco has increasingly focused on growing its recurring software business, which has resulted in better visibility into future earnings and higher profitability. Partners can look to Cisco as an example of how they might evolve themselves.

Continue reading

Cisco Threat Response takes the leap with SecureX

Reimagine the grocery delivery experience

Even in typical times, grocery and household shopping is time consuming. Especially, if you need to visit multiple stores – a main supermarket for your basics, a specialty store to accommodate diet restrictions, and another for bulk items. In a fast-paced world – with time spent working, family caregiving, and other responsibilities – grocery shopping is a tedious but necessary chore…or is it? The evolution of acquiring groceries and household goods has been one to watch as grocery delivery services, such as Instacart and Shipt, is increasingly relevant. These companies have each built a platform with a network of grocery providers to solve the problem – a simple and efficient way for customers to purchase groceries without having to leave their homes.

Now let’s take grocery shopping to the next level. What if you didn’t even need to proactively browse items and put them in your Instacart grocery order. Imagine if your “smart” refrigerator had sensors to detect inventory levels, and connected to Instacart, your recipes, and meal planning apps. Groceries could be ordered automatically or on-demand based on the menu you’ve planned and what you actually need. One platform with all of your apps integrated and automated to simplify not only your grocery shopping experience but your entire cooking experience. This and many other platform experiences have been developing over the last several years to bring two (or more) sides of a connection together with more efficiency and use cases.

What does grocery shopping have in common with cybersecurity?

The cybersecurity industry is ripe for this type of innovation. We all know that the industry has historically been quite fragmented – at last count, an estimated 3000+ vendors are in this space and customers use, on average, 75 security tools. What does that mean for your security teams? Multiple tools share limited context between them with incomplete, labor-intensive workflows. Going back to the grocery experience, this is akin to visiting seven different stores in one day to tackle a shopping list for each store, and hoping you don’t miss an item. Also consider high lifecycle costs associated with maintaining interoperability, which is often limited. When you need to take into account an ever-evolving threat landscape and attack surface, this trend is not sustainable.

A platform journey two years in the making

Nearly two years ago, Cisco Threat Response debuted to combat this problem for Security Operations teams. As a valuable add-on application to several Cisco Security products — at no additional cost – Threat Response accelerated investigations and remediation by aggregating and correlating intelligence and data across your security products, both Cisco and third party. Threat Response has helped nearly 9,000 customers simplify their security operations. As Don Bryant, CISO for The University of North Carolina at Pembroke, says, “Having a holistic security platform has helped us simplify and accelerate our security operations. All of our tools seamlessly integrated through Threat Response gives us one view into our layered protection and valuable time back.”

Figure 1: Cisco Threat Response application for threat investigation and remediation

As background, Threat Response provides a visual, real-time answer for if, and how, threats have impacted your environment, so, you can take first-strike response actions in the same interface. Security operations teams use Threat Response to:

◉ Aggregate global threat intelligence: Search, consume, and operationalize threat intelligence, both public and private sources, with one application.

◉ Accelerate threat hunting and investigations: Visualize threats and incidents across multiple technologies in one view, then take response actions without leaving the console.

◉ Simplify incident management: Coordinate security incident handling across technologies and teams by centralizing and correlating alerts and triaging those that are high priority.

Now we’re continuing our mission of simplifying security and building on Threat Response core capabilities with SecureX, a built-in platform experience included with Cisco Security products. SecureX will make life even easier for Security Operations, and will also benefit Network Operations and IT Operations. Let’s talk about this evolution.

Is SecureX just a cool new name for Threat Response?

Since we announced SecureX at RSA Conference in February, you might be wondering, what’s the difference between Threat Response and SecureX? Are they one and the same – and SecureX is just a sleek rebranding?

The short answer is no. If Threat Response is like the Instacart of today, SecureX is the reimagined seamless grocery shopping experience we’ve envisioned above. Whether it’s the grocery or cybersecurity industry, the goal is always simplification. SecureX builds upon Threat Response’s core concepts of integrating your security products – both Cisco and third-party tools – to simplify security operations. Leveraging the success of Threat Response with Security Operations teams, SecureX takes this foundation to the next level to drive collaboration between SecOps, NetOps, and ITOps. SecureX simplifies security through:

1. Unifying visibility across your entire security environment.

2. Enabling automation in workflows to maximize your operational efficiency by eliminating repetitive tasks and human error.

3. Adding more out-of-box interoperability to unlock new potential from your Cisco Security investments and cascade them across your existing security infrastructure.

Figure 2: SecureX connects your entire security infrastructure

Enhanced Threat Response capabilities, now part of SecureX

Now as a key component of SecureX, Threat Response is enhanced to unlock even more value from your investments. Here’s how:

◉ You already know that Threat Response aggregates and correlates security context from multiple technologies into a single view, but now as SecureX threat response, users will have a customizable dashboard with ROI metrics and operational measures. And when you leave the dashboard, SecureX follows you to maintain contextual awareness and improve collaboration wherever you are in your Cisco Security infrastructure.

◉ Users will now be able to cut down investigation time even further by automating threat hunting and investigation workflows. With the orchestration feature in SecureX, users can set up event-based triggers to periodically hunt for indicators of compromise, create or add to a casebook, and post a summary in a chat room for collaboration.

◉ Threat Response had been rapidly growing its partner ecosystem, and SecureX not only expands the ecosystem instantly upon commercial availability but extends past it to include your core infrastructure. Together, our out-of-box interoperability with built-in and pre-packaged integrations from Cisco or select technology partners reduces the time spent integrating multiple technologies, or worse, working across multiple consoles. We’ll continue to support custom integrations via APIs, so any of the features of SecureX will work with your existing investments.

Similar to the reimagined grocery experience, SecureX brings greater efficiency and simplification in the midst of major market forces. The enhanced visibility, automation, and integrated platform capabilities with SecureX threat response further reduces mean dwell time by accelerating investigations and MTTR for SecOps. Without having to swivel between multiple consoles or do the heavy lifting integrating disjointed technologies, you can speed time to value and reduce TCO. SecureX will enable better collaboration across SecOps, NetOps, and ITOps – and ultimately simplify your threat response.

Continue reading

Intelligent Data Center Operations from Anywhere

The current business climate has forced all of us to adapt to new routines and new business processes. Never have the demands for data services been higher, nor has security for these services been more critical. These changes have placed a significant burden on data center operators who may be currently working from home.

If you are one of these data center operators and you are responsible for remotely supporting computing infrastructure, you may be leveraging a VPN connection to access data center-based tools to help you manage your compute devices. This can be effective, but there is a more modern, secure, and efficient way that’s also securely accessible from anywhere in the world.

Meet Cisco Intersight:

Cisco Intersight is a SaaS-based, intelligent operations platform that enables monitoring, deployment, compliance, telemetry, and more for your data center infrastructure. With its highly secure, device-to-service connections otherwise known as Device Connectors, Intersight can extend its reach to review and/or manipulate even the lowest-level components in your computing infrastructure. For instance, Intersight can intelligently:

◉ Configure or reconfigure server or HyperFlex clusters in their entirety; from the lowest level component, to installing an operating system

◉ Define policies and standards for consistent device configuration

◉ Update device firmware

◉ Compare server, firmware, OS, and driver versions to validate compliance with the Hardware Compatibility List (HCL)

◉ Display device-specific health, alarms, and detailed hardware inventory

◉ Integrate with Cisco’s Technical Assistance Center (TAC) to display contract status, streamline support case activity and analysis, and automatically initiate failed hardware Return Material Authorizations (RMAs)

◉ Analyze storage capacity and predict storage consumption

◉ Display inventory and metrics via customizable dashboard interfaces and widgets

◉ Provision Cisco Validated Designs and Solutions, such as HyperFlex SD-WAN

◉ Connect from the Intersight Portal, through a secure tunnel, to KVM interfaces

◉ Orchestrate and Automate infrastructure workflows

◉ Integrate with 3rd party solutions such as Pure Storage and VMware vCenter

◉ Reveal exactly how security vulnerabilities and advisories are affecting specific components in your infrastructure and how you can remediate

◉ Integrate and provide more fidelity to your ServiceNow ITSM platform

◉ And more…

Intersight leverages a Continuous Integration/Continuous Deployment (CI/CD) Model, so new functionality and capabilities are consistently being added.

Continue reading

Wi-Fi 6 OFDMA: Resource unit (RU) allocations and mappings

OFDMA (Orthogonal Frequency Division Multiple Access) is arguably the most significant feature of Wi-Fi 6. In a nutshell, it allows multiple clients to transmit or receive from an Access Point at the same time by sharing available bandwidth. OFDMA’s spectral efficiency improves transmission latency or delay in RF environment, which has moderate to high congestion level. Additionality, it will also increase throughput in certain Wi-Fi 6 deployments due to reduction in collisions and contention time.

Let’s look at various concepts of this technology at length. OFDMA allows sub-carriers in a channel bandwidth to be grouped into smaller portions called “Resource Units” (RU). These individual RU’s are assigned to different stations, which allows Access Points to serve them simultaneously during uplink and downlink transmissions.

These Subcarriers are further split into granular component called tones. It simply means that a RU consists of a group of tones. So how do we derive and visualize RU’s?

In Wi-Fi 6, subcarrier spacing is 78.125 KHz, which is four tmes narrower than 802.11ac’s 312.5 KHz.

Based on this, we can build a formula to calculate the number of tones for different bandwidths. i.e. Number of tones = (BW in MHz) x (0.078125 MHz).

The above formula gives us total tones of 256, 512 and 1024 for 20MHz, 40MHz and 80MHz respectively.

Are all of these used for data transmission? Certainly, not. Few of them are DC (direct conversion), Guard and unused (Null Sub carriers) tones. Hence, we have usable RU tones of 26, 52, 106, 242 and 996, which includes data and pilot subcarriers.

To condense, a single RU consists of minimum 26 tones and maximum of 996 tones.

In relation to bandwidth, it’s quite visual from below diagram that each 26 tone RU corresponds to approximately ~2MHz, 52 tones to ~4Mhz, 106 tones to ~8Mhz and so on.

RU Locations with Channel widths

Resource Unit Map

Next up, we will establish correlation between RU’s and Channel bandwidth. The below table represents Subcarriers per channel width mapping. It basically shows the number of OFDMA users for a particular tone at any given bandwidth. In 80Mhz, a maximum of 37 users are supported with 26 tone RU’s. In 40Mhz, a maximum of 18 users are supported with 26 tone RU’s. Similarly, in 20Mhz, a maximum 9 users are supported with 26 tone RU’s. Fields with user value as 1 is a SU (single user) case, where whole spectrum is allocated to one user.

Plot among tones, Bandwidth and number of users.

RU allocations can happen with a combination of tones. For example – if there are three stations associated, then the AP can assign 106 tones to the first two users and 26 tones to the third user. The AP can also assign 52 tones to the third user. These RU allotment decisions are dynamically made by the AP based on the client’s traffic type and its available amount for transmission. The AP learns the client’s buffer status by using a periodic sounding mechanism.

Latency sensitive real time voice and video applications are primary candidates for OFDMA.

Other applications involving large data packets can either choose MU-MIMO or SU transmission mode.

RU allocations within Channel Access

A Wi-Fi 6 AP still contends with non-Wi-Fi 6 stations for getting access to channels using EDCA.

EDCA provides contention-free access to the channel for a period known as Transmit Opportunity (TXOP), during which a station can transmit maximum frames.

RU allotments in both downlink and uplink directions are performed by the AP on a per TxOP basis.

During a TxOP, the AP can serve multiple Wi-Fi 6 users using single MU PPDU or data packet.

EDCA incorporates Access categories (AC) i.e. Voice, Video, Best Effort and Background. Hence, stations which needs to send data in the same access category are served together using Multi-user (MU) OFDMA packets. Stations with different AC tags are served using different MU data packets.

Do you have High density wireless deployment with latency sensitive application traffic? If yes, then now is the time to upgrade to Wi-Fi 6. It will also enhance IOT devices efficiency and performance in both 2.4GHz and 5GHz bands. OFDMA is an answer to issues like unavailability of network access and choppy voice or video in crowded places like Offices, Schools, Malls, Airports, Hospitals and even at homes with multiple streaming devices.

During these unprecedented times of social distancing, the significance of Wi-Fi is more than ever.

Cisco’s Wi-Fi 6 certified Catalyst 9100 Access Points (9130, 9120 and 9115) have full DL and UL OFDMA capabilities. In terms of client support, Intel, Samsung, Huawei and Apple are powered with Wi-Fi6 features.

Continue reading

A Mindset Shift for Digitizing Software Development and Delivery

At Cisco, my teams—which are part of the Intent-Based Networking Group—focus on the core network layers that are used by enterprise, data center, and service provider network engineering. We develop tools and processes that digitize and automate the Cisco Software Development Lifecycle (CSDL). We have been travelling the digitization journey for over two years now and are seeing significant benefits. This post will explain why we are working diligently and creatively to digitize software development across the spectrum of Cisco solutions, some of our innovations, and where we are headed next.

Why Cisco Customers Should Care About Digitization of Software Development and Delivery

Cisco customers should consider what digitization of software development means to them. Because many of our customers are also software developers—whether they are creating applications to sell or for internal digital transformation projects—the same principles we are applying to Cisco development can be of use to a broader audience.

Digitization of development improves total customer experience by moving beyond just the technical aspects of development and thinking in terms of complete solutions that include accurate and timely documentation, implementation examples, and analytics that recommend which release is best for a particular organization’s network. Digitization of development:

◉ Leads to improvements in the quality, serviceability, and security of solutions in the field.

◉ Delivers predictive analytics to assist customers to understand, for example, the impact an upgrade, security patches, or new functionality will have on existing systems, with increased assurance about how the network will perform after changes are applied. 

◉ Automates the documentation of each handoff along the development lifecycle to improve traceability from concept and design to coding and testing.

These capabilities will be increasingly important as we continue to focus on developing solutions for software subscriptions, which shift the emphasis from long cycles creating feature-filled releases to shorter development cycles delivering new functionality and customer-requested innovations in accelerated timeframes.

Software Developers Thrive with Digital Development Workflows

For professionals who build software solutions, the digitization of software development focuses on improving productivity, consistency, and efficiency. It democratizes team-based development—that is, everyone is a developer: solution architects, designers, coders, and testers. Teams are configured to bring the appropriate expertise to every stage of solution development. Test developers, for example, should not only develop test plans and specific tests, but also provide functional specifications and code reviews, build test automation frameworks, and represent customer views for validating solutions at every stage of development. Case in point, when customer-specific uses cases are incorporated early into the architecture and design phases, then the functionality of the intended features are built into test suites as code is being written.

A primary focus of digitization of development is creating new toolsets for measuring progress and eliminating friction points. Our home-grown Qualex (Quality Index) platform provides an automated method of measuring and interpreting quality metrics for digitized processes. The goal is to eliminate human bias by using data-driven techniques and self-learning mechanisms. In the past 2 years, Qualex has standardized most of our internal development practices and is saving the engineering organization a considerable amount of time and expense for software management.

­Labs as a Service (LaaS) is another example of applying digitization to transform the development cycle that also helps to efficiently manage CAPEX. Within Cisco, LaaS is a ready-to-use environment for sharing networking hardware, spinning up virtual routers, and providing on-demand testbed provisioning. Developers can quickly and cost effectively design and setup hardware and software environments to simulate various customer use cases, including public and private cloud implementations.

Digitization Reduces Development Workflow Frictions

A major goal of the digitization of software development is to reduce the friction points during solution development. We are accomplishing this by applying AI and machine learning against extensive data lakes of code, documentation, customer requests, bug reports, and previous test cycle results. The resulting contextual analytics will be available via a dashboard at every stage of the development process, reducing the friction of multi-phase development processes. This will make it possible for every developer to have a scorecard that tracks technical debt, security holes, serviceability, and quality. The real-time feedback increases performance and augments skillsets, leading to greater developer satisfaction. 

Workflow friction points inhibit both creativity and productivity. Using analytics to pinpoint aberrations in code as it is being developed reduces the back and forth cycles of pinpointing flaws and reproducing them for remediation. Imagine a developer writing new code for a solution which includes historical code. The developer is not initially familiar with the process or the tests that the inherited code went through. With contextual analytics presenting relevant historical data, the developer can quickly come up to speed and avoid previous mistakes in the coding process. We call this defect foreshadowing. The result is cleaner code produced in less time, reduced testing cycles, and better integration of new features with existing code base.

Digitizing Development Influences Training and Hiring

Enabling a solution view of a project—rather than narrow silos of tasks—also expands creativity and enhances opportunities to learn and upskill, opening career paths. The cross-pollination of expertise makes everyone involved in solution development more knowledgeable and more responsive to changes in customer requirements. In turn everyone gains a more satisfying work experience and a chance to expand their career.

◉ Training becomes continuous learning by breaking down the silos of the development lifecycle so that individuals can work across phases and be exposed to all aspects of the development process.

◉ Automating tracking and analysis of development progress and mistakes enables teams to pinpoint areas in which people need retraining or upskilling.

◉ Enhancing the ability to hire the right talent gets a boost from digitization as data is continuously gathered and analyzed to pinpoint the skillsets that contribute the most to the successful completion of projects, thus refining the focus on the search for talent.

Join Our Journey to Transform Software Development

At Cisco we have the responsibility of carrying the massive technical debt created since the Internet was born while continuously adding new functionality for distributed data centers, multi-cloud connectivity, software-defined WANs, ubiquitous wireless connectivity, and security. To manage this workload, we are fundamentally changing how Cisco builds and tests software to develop products at web-scale speeds. These tools, which shape our work as we shape them, provide the ability to make newly-trained and veteran engineers capable of consistently producing extraordinary results.

Cisco is transforming the solution conception to development to consumption journey. We have made significant progress, but there is still much to accomplish. We invite you to join us on this exciting transformation. As a Cisco Network Engineer, you have the opportunity to create innovative solutions using transformative toolsets that make work exciting and rewarding as you help build the future of the internet. As a Cisco DevX Engineer, you can choose to focus on enhancing the evolving toolset with development analytics and hyper-efficient workflows that enable your co-developers to do their very best work. Whichever path you choose, you’ll be an integral member of an exclusive team dedicated to customer success.

Continue reading

How do you gauge software quality before deployment?

Business leaders often question software development processes to identify their effectiveness, validate if release quality is maintained across all products and features, and to ensure smooth customer deployments. While providing data from multiple perspectives, I hear teams struggling to respond in a meaningful way. In particular, it’s hard for them to be succinct without communicating nitty-gritty details and dependencies. Is there a way in which we can objectively arrive at the release quality measurement to ensure an expected level of quality? Absolutely!

With more than two decades in the industry, I understand the software development life cycle thoroughly, its processes, metrics, and measurement. As a programmer, I have designed and developed numerous complex systems, led the software development strategy for CI/CD pipelines, modernized processes, and automated execution. I have answered the call for stellar customer journey analytics for varied software releases, allowing our business to grow to scale. Given my background, I would like to share my thoughts on our software development process, product and feature release quality, and strategies to prepare for successful product deployments. I look forward to sharing my opinions and collaboratively working with you on building customer confidence through high-quality software deployments.

But, before I begin, here are some terms the way I think of them:

◉ Product Software Release— Mix of new and enhanced features, internally or customer-found defect fixes, and may contain operational elements related to installations or upgrades.

◉ Software Release Quality— Elements like content classification, development and test milestones, quality of the code and test suites, and regressions or collateral to track release readiness prior to deployment.

◉ Release Content— Classified list of features and enhancements with effort estimations for development. For example, we may use T-shirt size classification for development efforts (including coding, unit testing, unit test found bug fixes, and unit test automation): Small (less than 4 weeks), Medium (4-8 weeks), Large (8-12 weeks), Extra-Large (12-16 weeks). Categorize feature testing similarly as well.

◉ Release Quality and Health— Criteria for pre-customer deployment quality, with emphasis on code and feature development processes, corresponding tests, and overall release readiness.

Through this lens, let’s view the journey of our Polaris release. Before we do, let me emphasize that quality can never be an afterthought, it has to be integral to the entire process from the very beginning. Every aspect of software development and release logistics require you to adopt a quality-conscious culture. I believe there are four distinct phases or checkpoints to achieve this goal:

◉ Release content, execution planning and approvals— During this phase we must get our act straight. Good planning will yield great results. Preempting issues and executing on a mitigation plan is critical. Adopt laser-sharp focus on planning for features that will be developed and tested. To be effective, we must allocate a 70:20:10 ratio for complex and large features. Seventy percent of the challenging features will have to be developed first and tested early in the release cycle, twenty percent of them will be addressed in the next cycle, and ten percent at the end of the cycle. Small, medium and test-only features should be distributed throughout the development cycle depending on resource availability. In this way, the majority of the completed code can be tested early in the process and in parallel! This will help us drive shift left best practices and make them integral to the culture of our organization.

◉ Phase containment, schedules, and quality tracking—This phase represents the core of execution. We need to build a framework for success to guarantee quality. The key is to develop fast, tackle the complex stuff early, and to allow ample time for soak testing. Build the metric and measurement around it. Phase containment is essential for success. During this phase, focus on development and design issues, automation, code coverage, code review, static analytics, code complexity, and code churn data analytics to help build quality. Build the metrics and measurement around these elements and adhere to development principles. If any features do not meet the schedule or quality checkpoints, we must be prepared to defer them and remove them from the release train. The quality metrics should include, the number of features that have met their development schedule, undergone the feature/functional tests with 100% execution, and can claim a 95% pass-rate! If we follow an agile development model, each developmental and validation task must be tracked per sprint. We must document the unit-test found defects at the end of the sprint cycle; especially, if they move from one sprint cycle to the next. Daily defect tracking and weekly review with executives will bring the required attention and visibility as well.

The following image illustrates one such scenario:

◉ Testing and defect management convergence— This phase can make or break a release. Since development is complete and a certain level of quality has been achieved (though not quite release-ready) it entails more rigorous testing. Tests, such as system integration testing, solutions and use case-driven testing, and performance and scale testing, provide greater insight into the quality of the release. Use time effectively in this phase to track the test completion percentages, the pass-rate percentages, and your metrics surrounding defect management. Defect escape analysis testing will highlight developmental gaps while making for a good learning opportunity. Another invaluable metric is to study the trend of incoming defects. If things are working as they should, you will notice a steady decline each week. The incoming defect rate must decline towards the end of testing cycle! This is a key metric as well.

◉ Ready, set, go— In this phase, embark on a stringent review of readiness indicators, carry out checks and balances, address operational issues, finalize documentation content, and prepare for final testing. Testing may entail alpha, canary, early field trials in a real customer environment, or tests in a production environment to uncover residual issues. This phase will provide an accurate insight into the quality of the release.

As you can see, there are many ways we can equip ourselves to measure the quality and the health of a release. Building a process around developing the quality code and discipline in managing the phase containment are the key ingredients. It is important to build a culture to track the progress of shift left initiatives, focus on code quality and schedule discipline. Best of all, data-driven analytics and metrics will empower us to answer all queries from executives with confidence!

Continue reading

Real Users Speak: Cisco and the Elements of Robust Email Security

What does it take to implement robust email security? According to users of Cisco Email Security (ESA) on IT Central Station, it takes a combination of distinctive elements in an email security solution to attain this goal. These include sophisticated filtering, built-in intelligence and policy definition and enforcement capabilities. The system should also be easy to use.

Real users share their unbiased opinions on what makes Cisco Email Security the #1 ranked product in IT Central Station’s Messaging Security category.

Filtering out spam and phishing messages

Companies worry about employees clicking on malicious links in phishing emails or getting deluged with bogus spam messages. Indeed, the attack chain for a great many data breaches and ransomware attacks starts with an email to an unsuspecting person.  Effective email filtering is thus a compelling feature for an email security solution. IT Central Station members expressed this opinion.

For example, Michael L., a Network Security Engineer at Konga Online Shopping Ltd., a retailer with over 1,000 employees, acknowledged that Cisco Email Security Appliance (ESA) “helped with mail filtering and load balancing between Exchange servers.” In particular, he singled out Cisco Email Security because, as he said, “Cisco Email Security enabled us to blockade domains that send these emails. Cisco Email Security gave us fantastic service. The filtering is something I found very valuable.”

“Initially, the most valuable feature for us was the SenderBase Reputation,” said a Regional ICT Security Officer at an energy/utilities company with over 10,000 employees. He added that it “reduced the number of emails that were even considered by the system by a huge number, before we ended up processing them to get through the spam, the marketing, and the virus-attached emails. Since then, customized filtering has been very effective and useful for us.”

A Security Engineer at an energy/utilities company similarly remarked, “We have seen ROI. Only 70 percent of phishing and bad emails are getting through. There are very few solutions that boast this percentage of filtering. This level of filtering helps our company. The most valuable features are Advanced Malware Protection, URL filtering, and of course Reputation Filtering.”

Built-in intelligence

The volume and variety of email translates into a need for security that’s augmented by machine intelligence. Cisco ESA users spoke to this ability, with John A., a Network Security Engineer at a small tech services company, noting that, “Cisco was scanning our emails with their own intelligence. I liked that.” An Information Security Analyst at a healthcare company also commented on Cisco ESA’s Intelligent Multi-Scan (IMS) engine, saying “it does a good job, right out-of-the-box, of blocking the vast majority of things that should be blocked.”

For the energy company Regional ICT Security Officer, built-in email security intelligence came in the form of Talos. As he put it, “Instead of just specifically stopping known spam sources and using that to stop virus-infected emails, the Talos solution which they’re now providing has a lot of attraction because it helps to prevent phishing emails.”

Policy enforcement

IT Central Station members addressed the issue of security policy definition and enforcement as an element of strong email security. As Keith K., a Senior Email Engineer at a legal firm with over 1,000 employees explained, “We use it [Cisco ESA] for different policies or as another scanning engine, e.g., on the desktop or for data coming through another email gateway.” He added, “The most valuable feature is the policies or rules that you can put on it. This definitely helps with routing specific things to different destinations within our organization, or even potentially blocking when something is coming in and out.”

Setu S., a System Administrator at a financial services firm with over 1,000 employees echoed this sentiment, sharing that his team uses Cisco Email Security for “customized policies based on our security measures using this tool to scan the emails in our inboxes.” He noted, “We also check all incoming emails. Because we can customize policies with it, we have good documentation.”

Ease of use

Email security is challenging enough that security professionals prefer solutions that are easy to use. In this context, Mir A., a Network Engineer at a hospitality company with over 10,000 employees, observed that Cisco ESA “was really easy to implement.” As he said, “Even a newcomer joining the company could easily implement it.” John A found that “anybody could use it. You don’t have to be familiar with IT to be able to handle navigating it. The deployment was quite easy.”

This user also noted, “GUI is self-explanatory: If you want to block emails, you want to erase emails, you do the IP address configuration and what your DNS is.” The healthcare Information Security Analyst said, “Black-listing and white-listing are highly intuitive and easy to do.”

Continue reading