Making Sense of the ‘C’ Word
By Phil Clark, Marketing and Channel Development Director, niu Solutions
Once you have stepped off your cloud assisted train, and bought your managed cloud croissant, you can log on to your cloud hosted desktop, which attaches to your cloud network, to your cloud v-server running your applications-as-a-service.
If you are a senior IT decision maker, I’ll put a hefty bet that you are currently being bombarded with this sort of ‘cloud’ marketing collateral from every direction right now.
The truth of the matter is almost all providers have re-badged their traditional businesses with the ‘c’ word, hoping to get your attention. All the time this is happening, the industry risks devaluing what could be a real transformation in the IT and business applications space.
Apps is actually where it’s at. You have probably got a view that you need to run some applications. These range from highly customised, “only would ever work for your business”, core business applications that are the crown jewels of your industry; through to “everyone’s got one” email and payroll systems. In truth, you have some skills in house to do a lot of the work to keep these applications afloat, but it’s a limited pool, some of the apps don’t have 24x7, some of them are creaking at the seams, and some are working beautifully.
Application by application you have a different landscape of things that are complex and interrelate. And the interrelationships are critical, because if these break your business processes break. Then your users complain. Then your helpdesk gets swamped. Then the board start moaning about IT….
The relentless marketing machine in IT says you should buy some cloud to solve this. And maybe you should, but in reality, rather than focussing just on the delivery model, first shouldn’t we all focus on the applications needed to run a successful business, innovate above competition and deliver value to customers?
Instead of choosing between the cookie-cutter 5p per user per month model to buy some e-mail from an unknown data centre, or 10p per user per month to outsource your full payroll system, or 50p per user per month for your warehouse system to sit on the “Cherry Picker Cloud” service run from an eco-friendly data centre in Iceland – shouldn’t you look to something that fits your own business need?
A cloud is made up of hosted IT and Applications. A cloud service that is meaningful to business need is bespoke IT and applications that meet specific short and long-term requirements, integrated with appropriately sourced cloud services from best of breed providers - and most importantly, your internal IT function.
Our aim is to provide a service which complements your existing working services, and replaces the ones that need attention with the right solution picked from our own services, partner services and alternative delivery models. We have been providing services like these for over 10 years, making sure we consider more than just cost and “self service provisioning” when advising our clients and delivering services. It just wasn’t always called ‘cloud’.
A “typical solution” of ours doesn’t exist within our customers. All of our customers have trusted us to integrate various IT components, from their own skills, third party skills and our own skills to provide the service they need to run their business. In IT terms, we have integrated Colocation Services, Remote Managed Services, Hosted Services, Virtual Desktop Services, Public Cloud Services, Mobile Device Management Services, Public and Private Network Services, Voice / Telephony Services, Collaboration Services, ERP Services, CRM Services within our Helpdesk and Service Management Services and it works. Only one cloud in that list.
If you’re looking for more bamboozling cloud blurb – here at niu, we actually take the water droplets, and design clouds that will float past your window in interesting shapes that make your day. We can pull the water droplets from your common-or-garden Cumulonimbus, get a few from the Stratus, a soupçon from the Nimbus, and give you a cloud that will sit under your feet whilst doing your day job.
_____________________________________________________________________________
Taking Critical Control Of Your IT Security
By Darren Pitman, niu Solutions’ Compliance & Security Practice
When developing a cyber security strategy there’s so much to consider, with hundreds of potential products and controls to think about – it’s often difficult for organisations to determine where to start and how to prioritise each one. Most organisations have a pretty good grasp of what’s important and in many cases they are relatively successful in creating a security strategy that will suffice, but still need advice and guidance on maximising their investments and moving from a reactive position to one that delivers proactive protection.
For several years now, savvy organisations in the US have been using the SANS ’20 critical controls for effective cyber defence’. Increasing media coverage on cyber security, threats and best practice has accelerated board level attention and put pressure on IT teams. The critical controls provide a focus for organisations, enabling them to address their security issues and compliance requirements in the most efficient and cost effective way.
This year CPNI (The Centre for the Protection of National Infrastructure) has recognised the benefit these guidelines can offer to organisations in the UK and is participating in an international government-industry effort to promote them to businesses.
As a globally recognised set of guidelines, organisations of all sizes and functions can use these to confidently shape the development of a successful security strategy or, more likely, help them to build upon and maximise those they already have in place.
The 20 critical controls present an opportunity for UK organisations to assess existing strategies and address where the gaps may be and in which areas they’re most lacking. Implementing all of these controls to an effective standard and being able to continually monitor them will not only make organisations much more secure but will also simplify any compliance requirements they may have. In fact, for many organisations, this will enable them to move from a pure ‘box ticking’ approach to one that provides more tangible benefits.
Of course, organisations should still complement their IT security strategy with overall policy and governance in mind, including organisational structure, personnel and physical security controls. As the threat landscape evolves, regulations get tighter and the culture within organisations changes, it can seem like treading water to try and keep on top of everything. These critical controls will help organisations stay on top of the IT element of their overall security strategy.
To find out more about the 20 critical controls and how your organisation can get ahead visit http://www.niu-solutions.com/products/20-critical-controls-for-effective-cyber-defence
_________________________________________________________________________________
After years of observing this wonderful industry, I am firmly of the opinion that we are experiencing a gear-shift in technology that is as profound as the printing press in 1436. Take a look at the way people - young people especially – communicate today.
My 14-year-old son and his peers have a profound understanding of communications and technology – and how to adapt that to meet their needs. For example, he recently explained to me how to bypass the school firewall. I'd like to say he's a chip off the old block, but all his pals are the same.
My old NHS audit boss used to say: Steve, think like a criminal and work backwards when you develop defences against fraud and other criminal behaviour. That was 1981. 30 years later that principle still holds true when it comes to IT security and governance matters.
It’s not just the youngsters though; the 20-30 somethings at the Chaos Computer Club in Germany are astounding. The Club is the elite black and white (and grey!) hat hacker group for the region. Unsurprisingly, it has spawned uber-hackers such as Karsten Nohl - the guy whose team has progressively subverted the A1 and A5 encryption systems that form the heart of the GSM and 3G cellular networks.
These guys can now eavesdrop in real time on our mobile phone calls and mobile data sessions. It takes them four minutes to decrypt a WPA2 WiFi password using a multi-core multi-GPU equipped PC. You'll see on the screen you can crack a WPA2 WiFi password in four hours – that's not bad value for £30.00.
It’s all out there on the Internet as open source software. Chuck in a few hundred dollars of hardware and away you go cybercriminal!
What we are seeing here is a technology-driven culture of younger people that have not known a time when they did not have the Internet at their disposal. They really do use the Internet to consume information, to interact, and to communicate in ways and means many of us are only just beginning to fathom.
This all feeds into a brave new world of industrial espionage. It may sound way out there, but terrorist subversion, cyber heists and social engineering have all spawned from this gearshift in technology practice. It is still an arms race, but it’s bigger and quicker than ever. Did you know that Al Qaeda has a 30-strong technology group that specifically used IT subversion to promulgate its jihadist messages of hate? Or that online heists of big bank accounts are taking place using Zeus and SpyEye malware?
This is real stuff. Not Spooks on a Sunday evening. This is the security threat we – as an IT industry – now face in the real world. I write about this stuff. It's riveting – and it's also frightening.
Combating it all comes down to the effective use of technology to counter cyber-criminality, cyber-espionage and cyber-terrorism. By taking a multi-layered strategy of harnessing the power of as many types of security technology as you can muster, you will create a defensive system for your organisation’s digital assets that is greater than the sum of its constituent parts.
There are plenty of resources out there to help you find out more. I refer you to the COBIT security framework from ISACA, the not-for-profit governance association, and materials available from organisations such as the ISF and ISC(2). We’re not alone in the fight. These non-profit-making associations are populated with like-minded professionals who, like many of you, are working hard to find a way through the minefield of IT security and governance today.
