At last week’s second annual Built to Change Summit CA Technologies updated analysts and journalists on where it and the markets it’s pursuing — primarily DevSecOps, with a heaping helping of mainframe — are, where they’re going, and how the software toolmaker will grab a bigger slice of the rapidly growing digital transformation (DT) pie, which is being largely driven by software, and more specifically, applications. While the money being lavished on DT and DevSecOps are staggering, CA’s ability to grow with this opportunity remains at best a work in progress, with relatively flat sales and forecasts.
Based on the market data, CA should be in the DT/DevSecOps sweet spot, and poised for rapid and sustainable growth. According to a new report, IDC’s forecast for the global DevOps software market — in excess of $5.6 billion by 2021 — was way off. MarketsandMarkets predicts that CA’s future has a much bigger potential upside — $10.31 billion by 2023 — up from $3.42 billion in 2018. Even better for CA, the market growth will be powered ‘due to the increase in the adoption rate of Artificial Intelligence (AI) and machine learning among enterprises.’
So all that remains to be seen is if CA can continue to grow with the software-enabled, data-driven, digital transformation business phenomenon that will run on DevSecOps, while reducing, if not eliminating, the shackles of its legacy businesses and embraces software-as-a-service and more flexible pay-as-you-go consumption models. It faces many competitors — including IBM, Micro Focus (HPE), Puppet, Red Hat, Microsoft and Chef Software — and must continue to innovate at speed, and execute with precision and agility. That’s a lot to ask, but for a company that’s been around since 1976, probably not too much.
Automation, AI and ML were front and center at BTCS 2, and while the company didn’t coin this phrase — “Software is eating the world but AI is eating software” — it was critical to the company’s future, said Ashok Reddy, Group GM, DevOps. He and other company execs, made it clear that artificial intelligence and machine learning were being aggressively pursured in a multitude of initiatives and products.
Just prior to the summit, CA’s CTO and EVP Otto Berkes said there is “massive potential” to apply machine learning and machine intelligence. amd that the company has some “very pragmatic solutions” already in the market, and is doing a “lot of experimentation” on machine learning and machine intelligence. They figured prominently in last weeks product initiatives, as well as a number of its boundary-stretching initiatives, i.e. CA Accelerator, its internal fail-fast venture-capital program, and its Strategic Research intiative, under which a number of longer-term projects, 5-10 years down the road, are undertaken.
The Accelerator deep-dive featured presentations from Andrew Homeyer, Founder, Waffle.io (a project management tool for dev teams that uses GitHub data as the primary source of record), and Marc Chipouras, Founder, FreshTracks (a fast-to-market solution for teams serious about container operations, particularly teams using Prometheus together with Kubernetes).
With more than 70 patents granted, and 75 papers published, the Strategic Research team announced last week that it will collaborate on three projects funded by the European Union (EU) Horizon 2020 program. The three projects are:
-ALOHA (Adaptive Learning on Heterogeneous Architectures) for Deep, Secure Learning, which is intended to improve human decision-making in IoT applications;
-ENACT for Smarter IoT, which aims to drive faster innovation across trustworthy, smart IoT systems through new development, operation and security applications that span IoT, edge and cloud infrastructures; and,
-PDP4E (Privacy and Data Protection for Engineers) for Better Privacy and Personal Data Protection, which will address the protection of personal data, and explore how to better enable the development of code that allows companies to comply with General Data Protection Regulation (GDPR), by enabling engineers with tools to integrate data privacy during the development process (or “Privacy by Design”).
Automation, artificial intelligence and machine learning will play key roles in cybersecurity, said Sam King, GM of CA Veracode. “AI and ML lend themselves really well to security.” The proliferation of sensors, data, and alerts will demand people-less solutions for speedy and cost-effective resolutions, she added.
King said security is a critical component of CA’s aspirations to be the toolmaker to the toolmakers that are bringing about the application economy and the Modern Software Factory. “If every company is a software company… trust becomes important.”
More money is being budgeted for cybersecurity, but this is a relatively recent trend, and while it is accelerating, it will take time, she said. “The traditional forms for what you get out of investments don’t apply to security”. “The new language and conversations between security and business people… it’s not a one-and-done thing.”
Like digital transformation, the Sec portion of DevSecOps is changing. “Identity is the new perimeter,” said Mo Rosen, GM, CA Security. That’s because in an app-driven economy where every company is a software company facing a greatly expanded threat surface, the issues of scale and a corresponding shortage of talent, especially in security, demands a new approach that combines AI with ML and analytics.
“There is no other way,” added Mark Curphey, former CEO of SourceClear, a new addition to CA’s portfolio (April 2018). People used to rely on NVD (the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol/SCAP), said Curphey, but changes are happening too fast, it’s no longer up to the task.
His company developed a SaaS-based software composition analysis tool, which relies on a proprietary vulnerability database that goes significantly beyond the NVD, and a unique vulnerable methods technology that increase the actionability of SCA results. ‘SourceClear’s SCA solution not only tells you which applications have a vulnerable component, it tells you whether or not the functionality is being used – something no other SCA solution can offer,’ noted King, whose Veracode is a slightly less-recent (April 2017) acquisition. In addition to ‘greatly’ reducing false positives, it ‘also allows developers to prioritize which components to fix, saving time while reducing risk.’
While DevOps – DevSecOps – and DT are CA’s future, it’s past and a large part of its present and future conntinues to be focused on the IBM mainframe, which is staging a mini-renaissance. It’s no longer a point of departure, said Barry Becker, VP, Hybrid Cloud Services, IBM.
Big Blue was both a presenter at BTCS 2, and a partner in the announcements, including CA
Brightside, which makes it easy to integrate the mainframe into enterprise DevOps workflows, now available on IBM zCloud, and Mainframe Resource Intelligence, a SaaS-based offering that helps clients realizes ROI opportunities for the mainframe through an assessment and recommendations to optimize performance. Customers have really challenged IBM in terms of consumption of MIPs, said Becker, and its response has been zCloud, a consumption-based, pay-as-you-go model, i.e. “mainframe as a service.”
Clearly, CA is in a fluid stage as it morphs to the app-driven DT future while evolving its mainframe roots into a more attractive pay-as-you-go subscription model. “We are in transformation ourselves,” said Ashok Reddy, Group GM, DevOps, who added CA believes it can also be doing better. For instance, for the first time the company is delivering more revenue from growth markets. “The strategy is really to help companies out with their digital transformation… it’s not as much about selling product but helping companies to be successful.”
DISCLAIMER: In addition to being a shareholder of CA (and others referenced in this article), the company looked after my travel expenses to Built-to-Change Summit 2018.