Bloor bets on CEP for 2012

Thanks to David Luckham for pointing out an interesting set of predictions from Philip Howard, analyst at Bloor Research. The top 3 were directly CEP-related, the others mostly indirectly CEP-related…

  • Real-time everything. … What I think is interesting is the growth in the data replication market specifically to support real-time BI as opposed to failover, disaster recovery, zero-downtime migrations and the like. I would not be at all surprised if we see the introduction of lightweight BI-only data replication products into the marketplace.

Right-on! The world is indeed real-time, and businesses are increasingly realising it (and in some cases, IT departments too). As for BI-only data replication… using real-time data and event technologies (e.g. TIBCO ActiveSpaces) provides the BI data alongside the operational data in real-time – you want to replicate to the database for analytics and archiving only, rather than replicate to the real-time data store!

  • Continuous BI. I think we’ll hear a lot more about this as a generic market for complex event processing as opposed to the vertical markets that CEP has previously addressed.

Again, this is already happening, although the traditional BI vendors are resisting the change as much as possible. CEP vendors are using terms like operational visibility, operational intelligence, continuous intelligence, real-time analytics etc – to pretty much all indicate the same continuous BI capability. So computing statistics on-the-fly is an increasing trend, but note is not yet formalised (I haven’t seen any text book on this topic yet).

  • CEP adoption by SIEM vendors…. and smaller, more agile companies … all offering CEP in this space …

Security Information and Event Management is in some ways a subset or specialisation of CEP: SIEM is about managing security events, security event processing, and management of detected security events. CEP tools are already doing this at the cyber-security scale, and most SIEM tools I see are providing (usually constrained) CEP capabilities. The problem is that every event can be considered from a security perspective (e.g. TIBCO Hawk detecting resource usage increases and monitoring log files) so there is often an advantage in taking the wider CEP view than some vendors’ limited perspective on what constitutes a security event.

  • Warehousing adoption by SIEM vendors. …How can you claim to offer analytics against security and log data if you don’t have an analytic platform to support it? …

Although one should not confuse data warehouses with analytics, the implication is clear: apart from real-time analytics you should also consider long-term trend analysis and other predictive analytics against your events (security and otherwise), using appropriate visual and statistical analytic tools (e.g. TIBCO Spotfire and TIBCO Spotfire Miner respectively).

  • Growth in PMML adoption. … the standard for porting data mining models. …

PMML is a great idea and hopefully it will mature more for useage across the SAS and R communities over the coming months. Apart from the analytics standard there is also work on decision modelling (DMN) which could have even wider repercussions (not that I’m biased at all!).

  • Lots more big data. … As more products and companies enter this space, or claim to, the more murky the whole big data thing will become.

As more big data is created, there will be more clamour for processing it before it becomes data (i.e. as events).

  • The emergence of the Data Scientist. …

Or Company Statistician? Or Business Event Analyst? To go with the Business Process Analyst and Business Decision Analyst presumably…

  • The logical data warehouse. …

So is this the start of the demise of the illogical data warehouse? From an event perspective, data warehouses are really for storing old events for long term analytics purposes. That shouldn’t be a big deal…