VitAL Magazine - July-August 2014 by 31 Media

VOLUME 8 | ISSUE 4 | July - August 2014

V ITAL INSPIRATION FOR THE MODERN BUSINESS

How well do you know cloud computing?

INSIDE Viewpoints Now you see me, now you don’t!

VitAL Security How secure is the “IoT”?

Shared Service Management The natural way for all your departments to work together

Let your services ﬂourish with Shared Service Management.

Our software is standardized, modular and scalable. Moreover, it is available

TOPdesk’s service management software features modules that are

both as on-premise and SaaS. This makes it the ideal tool for quickly and

designed speciﬁcally for supporting departments such as IT, FM and

successfully building a shared service centre – no matter your world.

HR. Creating a cohesive work environment has never been easier. Want to learn more? Call us at (0)20 7803 4200 or visit topdesk.co.uk.

Service Management Simplified

Contents

Contents 8 NEWS

18 VitAL SECURITY How to prepare for an impending security breach

Bank gains new Government Cyber Essentials certification

Garry Sidaway gives his advice on how to define and test your incidence response plan and discusses risk management, and governance and compliance...

Disruptive cyber attacks a growing concern for UK organisations Do you know what’s happening across your IT estate? Flexible working change welcome but it’s still too easy to say “no”

14 VIEWPOINTS Pay attention! You’re not clear! 15 Now you see me, now you don’t!

NATIONAL SOFTWARE TESTING CONFERENCE 16 2014 REVIEW Sophie-Marie Odum shares her thoughts on the first ever National Software Testing Conference, held in May at the British Museum...

Times change, but the threat remains How should organisations mitigate their risk of suffering a damaging data breach? Steve Smith describes a stepwise approach to the problem...

24 COVER STORY Approach the cloud with curiousity and caution Sophie-Marie Odum speaks to the CIO of Leeds Building Society,Tom Clark to find out his thoughts on cloud computing...

24. Approach the cloud with curiousity and caution

18. H ow to prepare for an impending security breach

www.vitalmagazine.co.uk | July-August 2014

THE EUROPEAN SOFTWARE TESTING AWARDS

2 0 1 4

RECOGNISING AND CELEBRATING TECHNICAL EXCELLENCE

ENTRIES ARE NOW OPEN VISIT WWW.SOFTWARETESTINGAWARDS.COM The European Software Testing Awards is an independent awards programme designed to celebrate and promote excellence, best practice and innovation in the software testing and QA community Why Enter? • An opportunity to be acknowledged and rewarded • With such recognition comes self belief, the breeding of success, and the attraction of fresh and bright talent • High levels of exposure and acclaim for each individual, team, and organisation, as well as the profession as a whole • Impress partners, clients and investors • Network, interact and learn from Europe’s software testing elite.

Here are some of the 2013 winners: •

John Lewis IT

•

Close Premium Finance

•

Lloyds Banking Group in partnership with Cognizant Technology Solutions

•

Jaspersoft

•

TechMahindra

LMAX Exchange

•

Knowit Oy

•

Could you be a winner this year? Enter now! Sponsors

Supported by MAGAZINE

Headline Sponsor

THE EUROPEAN SOFTWARE TESTER

Contents

Contents 26

IT SERVICE MANAGEMENT Managing the stable door Stuart Facey examines the ways businesses can effectively control third party access to IT systems...

From automation to orchestration While service automation has a track record of delivering real value for the service management organisation, a more all-encompassing approach – where automation across a number of separate areas – is now starting to transform the service desk, Sujoy Chatterjee, and Hardeep Singh Garewal explain...

34. How are chatbots changing modern business?

How are chatbots changing modern business?

CLOUD COMPUTING

It was recently reported that a chatbot passed the Turing test by fooling people in a text conversation that it was a human. Nick Chowdrey investigates what implications this could have for businesses…

Questions for your cloud service provider Stephen Coty walks us through the security questions you should ask your service providers, and how to get the most out of the relationship while maintaining the highest levels of security...

Is endpoint management dead? Ashley Leonard looks at how endpoint management can combat modern business challenges such as BYOD, shadow IT, IoT and multiple device ownership, and how it is moving to a cloud-service and reducing the burden for IT teams...

32 Can cloud power the future UK tech economy? VitAL Magazine reports on a recent event that looked at the cloud’s role within the UK tech economy...

VitAL MANAGEMENT

END-USER STORY Direct approach to improving support services Learndirect shares with VitAL Magazine how it was able to improve its customer service and operational efficiency with a new technical support desk...

REAKTHROUGH B TECHNOLOGY Android Auto added to next generation cars

28. From automation to orchestration

www.vitalmagazine.co.uk | July-August 2014

Android Auto takes to the driving seat. SophieMarie Odum investigates...

Leader EDITOR Sophie-Marie Odum sophie.odum@31media.co.uk Tel: +44 (0)203 056 4599 ADVERTISING Advertising Manager Nick Hayward nick.hayward@31media.co.uk Tel: +44(0)203 668 6949 Advertising Executive Sarah Walsh sarah.walsh@31media.co.uk Tel: +44(0)203 668 6945 DESIGN & PRODUCTION Tina Harris tina.harris@31media.co.uk EDITORIAL & ADVERTISING ENQUIRIES 31 Media Ltd 41-42 Daisy Business Park, 19-35 Sylvan Grove, London, SE15 1PD Tel: +44 (0) 870 863 6930 Email: info@31media.co.uk Web: www.vitalmagazine.co.uk PRINTED BY Pensord, Tram Road, Pontllanfraith, Blackwood, NP12 2YA © 2014, 31 Media Limited. All rights reserved. VitAL Magazine is edited, designed, and published by 31 Media Limited. No part of VitAL Magazine may be reproduced, transmitted, stored electronically, distributed, or copied, in whole or part without the prior written consent of the publisher. A reprint service is available. Opinions expressed in this journal do not necessarily reflect those of the editor or VitAL Magazine or its publisher, 31 Media Limited.

Is the end of the traditional high street bank nigh? Recently, I visited my local bank branch on a Saturday afternoon and was surprised how busy it was, especially as a new report from Juniper Research found that over 1.75 billion mobile phone users will have used their devices for banking purposes by the end of 2019, compared to 800 million this year. This signals that the necessity for traditional branches could soon come into question. The report, Mobile & Online Banking: Developed & Developing Market Strategies 2014-2019, notes that emerging countries such as China, India and Bangladesh also witnessed significant growth in the past 12 months. Report author, Nitin Bhas, said, “The level of maturity in number and innovation of services being offered in the market across several geographical areas, demonstrates that banks now regard the mobile channel as an indispensable revenue-stream. However, with the mobile channel becoming a key customer retention strategy, it presents a great challenge to traditional institutions.” Whilst some banks have tried to keep up with changes in technology, by utilising in-branch iPads, the decreasing number of branch visits by consumers, and also the closure of physical bank branches, have confirmed the scale of this challenge over the past 12-24 months. For example, in April 2014, RBS UK announced the closure of 44 branches across the UK.

T H I R T YO N E

The chief executive of the British Bankers Association (BBA) also recently called time on the traditional high street branch. Anthony Browne admitted that “branch numbers will continue to fall” and that those who call for a return to branch banking are “out of kilter with what millions of customers want”.

VitAL Magazine, proud to be the UKCMG’s Official publication.

I, personally, do most of my banking online, or via the “app” and sometimes over the phone, but I can imagine that high street branches will remain important for those bigger moments such as when a customer takes out a mortgage or large loans, or wants to resolve a concern or complaint... My recent 45-minute wait at my local branch proves this!

ISSN 1755-6465 PUBLISHED BY:

ITIL ® is a Registered Trademark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the US Patent and Trade Mark Office.

So we won’t wave goodbye to traditional branches just yet!

PRINCE2 ® is the Registered Trade Mark of the Office of Government Commerce. MSP ® is the Registered Trade Mark of the Office of Government Commerce.

Sophie-Marie Odum Editor

www.vitalmagazine.co.uk | July-August 2014

News

Bank gains new Government Cyber Essentials certification Barclays has become the first major organisation to gain the new Government Cyber Essentials certification for its digital banking services, including MyBarclays, BMB, and Pingit.The certification was awarded following assessment of its security by certification-body Gotham Digital Science (GDS). GDS is accredited by CREST to carry out Cyber Essentials and Cyber Essentials Plus certification services.

To demonstrate basic cyber hygiene and reach Cyber Essentials certification through GDS, Barclays Digital Banking had to complete the Cyber Essentials Questionnaire. An external perimeter vulnerability scan was also carried out, which is an additional requirement for Cyber Essentials certification that is mandated by CREST.

Philip Sowter, mobile banking director at Barclays, said, “We identified this new government scheme as an important part of our plans to help customers in the digital age transact completely safely and securely.

The Cyber Essentials Scheme is part of the UK Government’s National Cyber Security Strategy, and provides an independent assessment of the essential security controls that organisations need to have in place to mitigate risks from Internet-borne threats.

“We are pleased to be involved with the scheme and to have been recognised by the Cyber Essentials Certification. We are working with GDS towards the Cyber Essentials Plus certification.”

Systems that fall within its scope include Internet-connected, end-user devices such as desktop PCs, laptops, tablets and smartphones, and Internet-connected systems including email, web and

Embrace online advertising technologies The online advertising industry is growing extremely quickly as advertising consumption patterns shift online and toward mobile, and according to a new report from Ovum, enterprises, advertising technology vendors, and digital marketing services providers need to urgently redefine their online advertising strategies. The online advertising industry is in a “2.0” paradigm, with personalised real-time bidding technologies replacing traditional mass-media static “banners” and “skyscrapers.”

The report reviews the state of maturity of the online advertising industry, the early adopter industry sectors, the key vendors and service providers, and forecasts the future technology developments and enterprise adoption trends. In particular, Ovum discusses how vendors should address the key enterprise concerns of ad viewability, ad performance measurement, and ad attribution within the context of a hostile regulatory environment and enterprise Big Data strategies.

Gerry Brown, senior analyst in Ovum’s Customer Engagement team, and author of the report, said, “The online advertising industry is full of supply chain complexities, acronyms and buzzwords that have made it difficult for CMOs and marketing executives to fully comprehend. They need to break down this complex industry into easy-toconsume, bite-sized chunks in order to make informed, educated, and strategic decisions about online advertising technology investments and their choice of external services partners.”

“Enterprises need to embrace the online adver tising market, which is becoming a key promotional channel to market for enterprise marketers,” added Brown. “However, enterprises’ market par ticipation needs to be managed with caution. Fraud and data security in particular are issues that plague the online advertising industry. IT depar tments should work alongside marketers to ensure that robust IT best practices are deployed.”

application servers. By successfully going through a Cyber Essentials assessment, organisations not only lower their risk of serious data and financial loss, but by displaying the Cyber Essentials badge they demonstrate to customers that they have taken steps to be fundamentally cyber safe. Ian Glover, President of CREST, added, “The Cyber Essentials scheme is unique because it has been developed as a collaboration between the UK government and the very best cyber security professionals in the UK,” said. “These professionals utilised their years of experience and invested their own time to extract the security standards that should be applied to all businesses, regardless of size. It is important that large consumer-facing organisations like Barclays embrace the scheme and I congratulate them on their early certification.”

European software companies continue to outgrow the market European software vendors have generally enjoyed a relatively good year, according to the latest database report from IT Europa, ISVs in Europe – The Top 500. In 2013, the last full year for which accounts are available, revenues for the top 500 European ISVs increased by 13.04% to €104.9 billion ($137.8billion). Overall publicly listed ISVs outperformed the major groups and their subsidiaries with growth of 14.73% (compared with 5.84% for parent companies and 11.01% for subsidiaries). Independents also fared well, growing by 10.46% over the same period. The database report, which provides detailed business profiles of each of the top 500 European ISVs, provides further evidence that is applications rather than hardware that is driving IT sales in Europe. Despite the challenging economic climate in many parts of Europe, ISV revenues showed increases in all 33 countries covered by the report. The Danish market exhibited the most dramatic increase in revenues (up by 30.9%) followed by Hungary (23.9%) and Turkey (19.6%) and Russia (18.6%). The UK returned one of the lower growth rates at 3.0%. IT Europa research manager, Auri Aittokallio, said, “Generally, ISVs are proving extremely resilient in the face of both market and economic pressures. There are signs that this stems largely from adjusting their business models with services last year accounting for 44.2% of total revenues - up from 36.9% in our previous report.”

www.vitalmagazine.co.uk | July-August 2014

News

Cabinet minsters fail to see the big picture Cabinet Ministers are failing to grasp the bigger picture behind the Government’s move to embrace IT services supplied through SMEs, says Peter Groucutt, managing director of Databarracks. This is following comments that small firms are apparently unable to effectively support the IT capabilities of government departments. Recently, Vince Cable, business secretary, and Ed Davey at the energy department, revealed to the Prime Minister that government departments are at a virtual standstill, due to the supposed “shambolic” state of IT provisions supplied by small firms. Groucutt states that the comments demonstrate a complete lack of foresight into the Government’s motives to provide SMEs with a bigger share of the £7bn government IT market. He said, “The comments from Vince Cable and Ed Davey, two highly respected cabinet ministers, only discredit the tireless work which has already been done in providing SMEs with greater opportunities to support the IT needs of government departments. “Ultimately, what they fail to address is the enormous cultural shift we are now seeing across IT services within government departments and one which was never going to happen over night. For too long government IT contracts had been dominated by a select oligopoly of big SIs profiteering from a

cast iron grip on the market with no room at all for outsiders, notably the SME community. “[…] It is important to recognise that the shift towards public sector and government departments embracing IT services from SMEs is still very much in its infancy. There was always going to be challenges under any new procurement process, but rather than criticising the work achieved so far, now is the time for a real push towards increasing awareness of the benefits that can be seen through services offered. “The opportunities provided can allow departments to increase cost savings and efficiencies without compromising front line services. Indeed, the solutions available will often give a much better quality of service to government departments than those currently available from traditional government IT suppliers. “The purpose of embracing SMEs has always been to open up more innovative and entrepreneurial ICT services to the public sector, breaking up the oligopoly that has controlled the market until now. It seems unjust, therefore, to condemn the efforts so far before it has been given a real chance to prove its worth.”

Disruptive cyber attacks a growing concern for UK organisations Disruptive cyber attacks are becoming more effective at breaching security defences, causing major disruption and even bringing down systems for whole working days, according to a new global study from BT.    The research reveals that 41% of organisations globally were hit by Distributed Denial of Service (DDoS) attacks over the past year; with more than three quarters of those (78%) targeted twice or more in the year. DDoS attacks are seen as a key concern by more than a third of UK organisations (36%). Globally the worry is even greater, with almost twice as many organisations naming the attacks a key concern (58%). It reveals that despite the growing concerns over the attacks, only about half of UK organisations (49%) have a response plan in place, and 8% strongly believe they have sufficient resources in place to counteract an attack.    DDoS attacks are also increasingly becoming more complex and difficult for organisations to fend off. Nearly two thirds (59%) of those polled agree that DDoS attacks are becoming more effective at subverting their organisation’s IT security measures. Attackers are often adopting hybrid, or multi-vector, attack tactics, which involve attacks through multiple platforms. These have increased by 41% during the past year. Multi-vector attacks pose increased complexity and risk as they involve multiple attack methods deployed simultaneously. Mark Hughes, president of BT Security, said, “DDoS attacks have evolved significantly in the last few years and are now a legitimate business concern. They can have a damaging effect

www.vitalmagazine.co.uk | July-August 2014

on revenues and send an organisation into full crisis mode. Reputations, revenue and customer confidence are on the line following a DDoS attack, not to mention the upfront time and cost that it takes an organisation to recover following an attack. Finance, e-commerce companies and retailers in particular suffer when their websites or businesses are targeted.” “Organisations need a higher level security solution to protect not only the network infrastructure but the devices that initially provide protection.”   Unsurprisingly, respondents said customer complaints and queries jumped by an average of 36% when their network systems go down after a DDoS attack. In addition, on average, organisations take 12 hours to fully recover from an especially powerful attack.

News

Do you know what’s happening across your IT estate? 74% of enterprises admitted one of the most challenging areas for enduser applications (apps) is knowing what’s happening across their IT estate, according to Centrix Software. This is despite more than three quarters (76%) of CIOs stating that “understanding the entire app portfolio” is a key end-user app goal. The independent survey of 100 IT directors and CIOs was undertaken by Vanson Bourne; to gain insight into the top challenges faced by those responsible for IT apps, especially when it comes to managing and understanding their app portfolios. The top three end-user app goals were reported as: understanding the apps portfolio across installed, cloud and virtual, to enable planning and management; optimising the app portfolio to match business and user needs; and cutting the cost of running apps to free up more IT resource for strategic initiatives. 70% stated their most challenging enduser apps issue with was managing too much complexity in the portfolio. While, a high proportion of the CIOs surveyed

(71%) have IT asset management or software licensing tools in place for managing their end-user app portfolio, they still struggle to know what’s really happening across their desktop estates. And even although 71% of organisations use asset or licence management software, 38% admit to using manual usage tracking such as surveys. Lisa Hammond, CEO of Centrix Software, said, “This research confirms that understanding the entire app

portfolio has to be the key end-user app goal. Achieving this goal on an ongoing basis isn’t possible without a much clearer and more detailed understanding of which apps are really important to the business, which are being used and which are delivering value. Business intelligence (BI) solutions have been available to decision makers for years, and the survey clearly shows IT leaders need BI analytics to really understand their app and device usage.”

The story of computer science Cambridge University Press is to publish a book, which tells the story of computer science from Charles Babbage and the difference engine to strong AI and beyond, including sections on the fundamentals of computer science, computational thinking, the origins of PCs, smart phones and games, and key issues surrounding online security, hacking and cyber-warfare. Senior mathematics and computer science editor, Lauren Cowles, signed world rights to The Computing Universe: A Journey Through a Revolution direct from co-authors Tony Hey and Gyuri Papay. Inspired by Nobel Prize winner Richard Feynman’s pioneering lectures on computer science, which brought the subject to a popular audience in the early 1980s, The Computing Universe is the first attempt to provide general readers, including high

school and first year university students, with an accessible and entertaining account of how computers work, as well as a look at the vast scope of activities that have been enabled by networks of interconnected computers. Hey said, “The digital revolution is changing the world dramatically and everyone should have an appreciation of how we have got to where are now and where we are likely to be going in the future. I felt there was a need for a ‘popular’ level book about the milestones of computing technology and of the people who created the modern world of IT. I am excited to be again working with Cambridge University Press, one of the best academic publishers in the world, to make this vision a reality.’ ” Cowles at CUP added, “The story of how computing evolved in less than a century to be the defining attribute of the modern world is extraordinary. This will be the first book that describes this transformation and Tony is perfectly placed to tell the whole fascinating story.” The Computing Universe: A Journey Through a Revolution will be published by Cambridge University Press on November 20th.

Follow VitAL Magazine on Twitter: www.twitter.com/VitALMagazine

www.vitalmagazine.co.uk | July-August 2014

News

Improving IoT security Researchers at Context Information Security have been able to expose a security weakness in a Wi-Fi enabled, energy efficient, LED light bulb that can be controlled from a smartphone. By gaining access to the master bulb, Context was able to control all connected light bulbs and expose user network configurations. The bulb manufacturer LIFX has since worked closely with Context to promptly patch the issue. The work by Context is part of ongoing research into the security of the emerging Internet of Things (IoT) and raises some questions. Michael Jordon, research director at Context, said, “It is clear that in the dash to get onto the IoT bandwagon, security is not being prioritised as highly as it should be in many connected devices. “We have also found vulnerabilities in other Internet-connected devices from home storage systems and printers to baby monitors and children’s toys. IoT security needs to be taken seriously, particularly before businesses start to connect mission critical devices and systems.” “Hacking into the light bulb was certainly not trivial but would be within the capabilities of experienced cyber criminals,” added Jordon. “In some cases, these vulnerabilities can be overcome relatively quickly and easily as demonstrated by working with the LIFX developers. In other cases, the vulnerabilities are fundamental to the design of the products. What is important is that these measures are built into all IoT devices from the start and if vulnerabilities are discovered, which seems to be the case with many IoT companies, they are fixed promptly before users are affected.”

Flexible working change welcome but it’s still too easy to say “no” From Monday 30th June 2014, all employees who have been in their jobs for more than half a year have the right to ask their employers if they can work flexibly. The Department for Business, Innovation and Skills said 20 million people now have the right to ask to work flexibly. Steven Harrison, lead technologist at Exponential-e, said, “Technology and culture were previously like a ball and chain to UK employees. The distinguished worker was in the office. This change in flexible working rights for workers is lifting that cultural taboo, whilst technology capabilities are spreading like wild fire across the UK. “The capability to work virtually via cloud based servers, applications and desktops, along with the ease-of-use of unified communications technologies allows us to speak, text and video chat from a variety of devices. There is simply no longer a need for workers to be tied to a desk. “Flexible working means Brits can finally come together where and when it

makes the most sense to collaborate and co-work, without being anchored to an office or location.” On the other hand, the TUC is concerned that it is still too easy for employers to say no to any requests they receive as, up until this new legislation, the right to ask for flexible working had only been available to parents and carers. TUC general secretary, Frances O’Grady, commented, “Those with oldfashioned bosses who expect all staff to stick to the same rigid hours day in day out and always be in the office won’t be so lucky. Employers will still find it all too easy to block any requests for greater flexibility. “Unfortunately the right to request is only the right to ask nicely. There is nothing to stop employers saying no. Of course not everyone in every company or organisation is able to work flexibly – some requests will always need to be turned down. But without the right to challenge employers, many workers will continue to lose out.”

New domain names set to revolutionise online shopping The recent Internet 2020 Report, by NetNames, reveals how the web is set to transform over the next five years. This follows the launch of thousands of new generic Top Level Domains (gTLDs) such as .london, .shop and .sport. In its research, NetNames found that 80% of Internet users think the new domain names will make them more likely to enter a company’s web address into their Internet browser rather than use a search engine. The simplicity and specificity of the new web address endings will make Internet navigation less reliant on search, as users will be able to use direct navigation much more frequently, according to the company. Businesses agree with consumers on this point, with almost half (42%) of corporate respondents identifying the biggest benefit of the new domain names as better search and recognition on the Internet. Further to this, the survey revealed that over half (59%) of daily Internet users think the new web address endings will make it easier for them to find things on the Internet. This view was even stronger amongst businesses, with 89% stating they believed that new web address endings will help consumers find their website. Gary McIlraith, CEO at NetNames, commented, “The Internet is vast and we need search engines in order to find the content we are looking for. In some ways, that is even truer with so much new Internet real estate being created by the new gTLDs. However, in cases where they have a specific website destination in mind, the descriptive nature of new gTLDs will help internet users to memorise naming structures and facilitate browser-based navigation to the specific areas of the websites they are interested in, bypassing home pages. Consumers will therefore become less reliant on using a search engine to find a website. “The new domain names effectively represent the resetting of the Internet. Brands need to consider which of the new domain names will provide the most business value and be most relevant to their customer base in order to strengthen their Internet presence and remain relevant in the changing nature of the Internet. By doing this, brands will be able to secure continued success in the Internet of tomorrow.”

www.vitalmagazine.co.uk | July-August 2014

V ITAL focus groups

Helping you overcome obstacles

2014 • One-day event • Over 100 decision makers • 12 thought-leading debate sessions • Peer-to-peer networking • Exhibition • Cutting-edge content For more information, please contact Nick Hayward on +44 (0) 203 668 6949 or email him at: nick.hayward@31media.co.uk Organised by: T H I R T YO N E

www.31media.co.uk Publishers of VitAL Magazine

www.vitalfocusgroups.com

Viewpoints

Pay attention! You’re not clear! By Andrew Vermes of working in a lingua franca (English) O neis thatconsequence reaching a common understanding is often

long-winded and painful. A client of mine – an international company – often has to deal with complex technical issues in teams spread out across the globe. To answer a single technical question can involve: • An email with the question. • A call to clarify the question and the kind of data required in response. • An email comes back with the wrong data. • Two further calls. • An email describing in detail, step by step (with screenshots), how to extract the required report from the system in question. By the time the information has been received, at least a week has passed, and the customer has lost all faith in the company’s competence. What’s needed is a common structure for the gathering and communication of information. Here’s the great Noam Chomsky on the need for structure: “You can’t pursue any kind of inquiry without a relatively clear framework that’s directing your search and helping you choose what’s significant and what isn’t… If you don’t have some sort of a framework for what matters — always, of course, with the proviso that you’re willing to question it if it seems to be going in the wrong direction — if you don’t have that, exploring the Internet is just picking out the random factoids that don’t mean anything… You have to know how to evaluate, interpret, and understand… The person who wins the Nobel Prize is not the person who read the most journal articles and took the most notes on them. It’s the person who knew what to look for. And cultivating that capacity to seek what’s significant, always willing to question whether you’re on the right track — that’s what education is going to be about, whether it’s using computers and the Internet, or pencil and paper, or books.” People sometimes get confused about frameworks and processes, setting up A to Z methods for accomplishing something, and trying to iron out all human frailty; of course this is futile, since people denied the chance for freedom even in this small way will tend to side-step the approved method, often with negative consequences. Chomsky’s notions of framework appear rooted in his research into language and grammar. There’s no doubt that common language and grammar makes all communication easier, including with yourself, and a lot of consulting assignments I handle centre around building a common language for some purpose – usually strategy, problem solving

You can’t pursue any kind of inquiry without a relatively clear framework that’s directing your search and helping you choose what’s significant and what isn’t or managing change. Yet so often clients insist on trying to build a lock-step process, with a robotic scripted set of questions, even before they’ve learned the language. It’s a bit like trying to write poetry in Arabic by using Google Translate, and the results can be ugly.

The intent of the question Kepner-Tregoe in its problem solving work teaches that to communicate effectively, you must a) constantly be aware of your purpose: what information are you trying to obtain or convey; and b) you must mine for information until you’ve reached the level of specificity you need. The assumption that when I ask a question, my purpose is clear is usually wrong. Consider this example: “When did the problem start?” could relate to several possible useful data points, including: • How long the customers have been suffering, and how pissed off they are. • The exact time, to establish any relationship between the fault and possible causes. • What has happened in the meantime to make it worse or better. The KT view is that you must make clear exactly what type of data you want if you expect your counterpart to respond helpfully. Instead of asking, “have we seen this before?”, try: “Can you gather the exact dates and times of previous occurrences?” A related conclusion is that asking questions which require multiple data or are complex, is likely to get confused, misleading or incomplete information. One question for one datum is a useful rule of thumb. And what about multinationals using English as a lingua franca? Just this – if you’re not teaching your people to be consistent and precise in daily communication, when you work in a second language you are doomed to continue the misunderstandings. www.vitalmagazine.co.uk | July-August 2014

Viewpoints

Now you see me, now you don’t! By Jonathan Westlake ou will no doubt recall the landmark Court of Justice of Y the European Union ruling earlier this year (May 2014), regarding the so-called “right to forget” obsolete information on the WWW.

Since May Google has launched a service to allow Europeans to ask for personal data to be removed from online search results. This has led to a raft of requests to Google to remove content and there is some evidence that the activity of removal has started albeit with some difficulty. But is this far reaching enough? What about recent images that are not deemed to be obsolete? Unrelated to the EU court ruling is so called “revenge porn”, which has recently caught my eye. For those unfamiliar with this rather sordid topic, it can be briefly explained as people posting sexually explicit images of former partners online without consent. In the age of pervasive mobile technology, distribution of images is fast and easy; just look at the “selfie” craze recently. It is well to bear in mind, however, where the image may end up being distributed to! According to the Women’s Aid, revenge porn abuse is on the rise and there have been calls to stop it happening. The question of course is how to stop it? Currently there is no legal obligation for an Internet service provider/social media provider to remove an image. An individual can make representations but there is no guarantee that it will be serviced. An example policy can be seen at Facebook’s Privacy Rights – photo removal request. Perhaps one avenue would be for the EU/UK to consider extending the “right to forget” ruling to all current electronic content. Perhaps citizens should have the right to request removal of images if they are threatening the data privacy of the individual. Culturally we still in the infancy stage with the WWW, and a practical redress mechanism needs to found for undesirable images to be requested for removal in a timely and transparent manner.

Currently there is no legal obligation for an Internet service provider/social media provider to remove an image. An individual can make representations but there is no guarantee that it will be serviced Coupled with this, there is a need for a cohesive new set of social media laws to deal with the issue, perhaps in the new Criminal Justice and Courts Bill? Given that there are laws in place, which deal with data privacy, it is marked that these are so far failing to prevent revenge porn perhaps because of how they are applied. The EU Court of Justice ruling may well be just the start of a way of moderating the content of the WWW by an individual. Power to the people!

What is the “right to forget?” ? Google – and other search engines – are extremely efficient at crawling the web to find and store data. Even if websites are taken offline, a cache is kept – meaning they can still be accessed. However, the EU has been pushing heavily for a new law on data privacy – of which “right to be forgotten” is a key component – since it proposed guidelines in January 2012. It argues that old, inaccurate or even just irrelevant data should

www.vitalmagazine.co.uk | July-August 2014

be taken out of search results if the person involved requests it. Eventually, the EU hopes the “right to be forgotten” principle will extend further. The EU thinks you should have the right to demand that social networks get rid of any potentially embarrassing photos completely – as well as any bit of data on you they may hold. If the full proposals are passed, firms that do not comply with the law could be fined around 1% of their global revenues.

National Software Testing Conference

2014

National Software Testing Conference 2014 Review

Breaking today’s boundaries to shape tomorrow

An “inspirational” two days Sophie-Marie Odum shares her thoughts on the first ever National Software Testing Conference, held in May at the British Museum…

“This conference was a revelation for me and I’m fully energised and motivated to apply a lot of the ideas within my organisation.” – Gabriela Pinder, test/quality assurance lead, Impellam Group” inspirational and great value for money,” “A “I nformative, great networking event for the testing industry”, and “A

conference that puts the focus where it matters,” are just a few comments from delegates of the first ever National Software Testing Conference… and what a huge success it was! Speakers from many well-known companies, including William Hill, Expedia, Virgin Media and Waitrose, just to name a few, offered delegates a new way of thinking by demonstrating how cross-industry collaboration can help breakthrough today’s boundaries to shape tomorrow. Held at the grand British Museum, which is famed for human history and culture, and illustrates how today’s society is built upon yesteryear; this was the ideal setting for the National Software Testing Conference. The Conference demonstrated how software testing has evolved over the years and how now

is the right time for the industry to work together, irrespective of sector, and elevate the software testing industry as a whole. To further bring the industry together and promote unity, the National Software Testing Conference was used as a platform to launch the Software Testing Network. This Network provides a unique opportunity for learning via access to exclusive information, research, events, services and lots more. It was encouraging to see many delegates take an interest in this new network and we look forward to growing its membership. Keynote speaker, Rod Armstrong, senior director QA, Expedia, said, “The National Software Testing Conference was inspirational not only for the venue, but also for the large contingent of like-minded individuals gathered together, with the goal of sharing their knowledge and learning from one another.

www.vitalmagazine.co.uk | July-August 2014

National Software Testing Conference 2014 Review

“The advice and guidance provided by the keynote speakers gave me the most value. The venue was lovely and ideal, and the event was very well organized and structured.” - Jennifer Flowers, QA test manager, Wheatley Associates

“The organisation was faultless, with great presentations from a cross section of individuals and companies, happily passing on their own experiences of the world of testing today. In the gaps between presentations, we were provided with great catering services and a wide range of vendor exhibits.

process and tools, the National Software Testing Conference also hosted a series of Executive Debate Sessions, facilitated and led by key figures, and an exhibition, which saw companies such as Borland Software, IBM and Sogeti, plus many more, showcase their latest products and services available.

“As a speaker myself, I was genuinely impressed with the level of engagement from the delegates and with the incisiveness of their questions. Looking forward to the next conference already, the only shame is that it happens but once a year. Thank you to all involved in putting this together. Congratulations on an excellent event.”

The National Software Testing Conference 2014 received fantastic feedback, and the team behind TEST Magazine, organisers of the conference, feel very proud to have hosted an event that brought the industry together to network and swap and share ideas, allowing delegates to head back to their offices and implement change with immediate effect. We are really looking forward to next year!

As well as a wide selection of presentations, covering the core areas of software testing, including strategy, management,

To download all the presentations and view more photos, please visit www.softwaretestingconference.com

“Fantastic conference focused at testing professionals. Good opportunity to network, new cutting-edge products and ideas. Looking forward to next year.” – Nadine Abley, GTF test manager, JP Morgan

NSTC14 in numbers* - 84% said the NSTC’s content was either “Good” or “Fantastic” - 86% of attendees gained a lot of value from attending

- 94% thought that the NSTC14 was “extremely well organised and executed” - 72% are interested in attending NSTC 2015

- 91% felt that NSTC14 was “good value for money” *Data gathered from the National Software Testing Conference 2014 feedback form

www.vitalmagazine.co.uk | July-August 2014

VitAL Security

How to prepare for an impending security breach Garry Sidaway, global director of Security Strategy, NTT Com Security gives his advice on how to define and test your incidence response plan and discusses risk management, and governance and compliance…

It’s now a case of when, not if, your company will be hit according to some vendors and analysts. The question is: are you prepared to manage a security incident? are getting more advanced and attackers a A ttacks getting smarter. A week doesn’t go by without us hearing about a security breach. Adobe,Target and eBay are just a few high-profile organisations that fell victim to cyberattacks, and 2014 has already seen the Heartbleed bug impact the majority of organisations across the globe. It’s now a case of when, not if, your company will be hit according to some vendors and analysts. The question is: are

you prepared to manage a security incident? With incidents increasing in frequency and complexity, incident response plans are critical for minimising the impact of a breach. Complex threats such as APT (Advanced Persistent Threats) are difficult and time-consuming to unpick and may require specialist knowledge and resources to comprehensively resolve. The problem is that businesses are turning a blind eye to the importance of defining and testing an incidence response plan. In fact, 77% of organisations do not have an incident response plan at all; according to a recent NTT Group report.

www.vitalmagazine.co.uk | July-August 2014

VitAL Security

What is an incident response plan?

Although it is not always essential to share information about a breach with a company’s customers and partners, it will be necessary to define and communicate a policy internally. It all depends on the nature of the incident and how early the IT team can understand and communicate what it is and what remedial action is being taken

Essential to every business with intellectual property, an incident response plan is a formal process that defines an incident and provides step-by-step guidance on how to handle a future attack. In order to limit damage and reduce recovery time and cost, it needs to be kept up-to-date and then shared among relevant personnel. Tests should also be performed regularly to ensure people understand their roles and responsibilities. Firstly, organisations need to develop a good risk insight and understanding of their information assets. Not all incidents are of equal impact so every business must be able to classify an incident that occurs. This can be done by establishing a comprehensive and real-time view of network activity, which will enable an IT team to quickly recognise that its company is under attack – and then consequently deploy a clear plan for remedial action. A company’s goals and compliance requirements must also be at the forefront of an incident response plan. The right intelligence on the impact of any incident will drive a proportionate response and focus resources to minimise damage and disruption. This way, those affected will be able to resume business as quickly and smoothly as possible. Ultimately, the route to better preparation is to build a structured plan that clearly articulates the approach, benefits and measures for application risk reduction. With a clear understanding of the business and technology infrastructure, an IT team can perform network and host-based forensic investigation into incident, provide incident management capability and deliver summary post incident report and recommendations. In addition, organisations must understand how compliance fits into a their incident response process and put in place a clear procedure to meet the specific obligations for reporting incidents. This means knowing when and how to notify law enforcement or specific industry regulators and, for multinational companies, navigating through the regional variations, complex privacy laws and notification requirements.

parts of the business affected by a breach. Although it is not always essential to share information about a breach with a company’s customers and partners, it will be necessary to define and communicate a policy internally. It all depends on the nature of the incident and how early the IT team can understand and communicate what it is and what remedial action is being taken.

Is it time to outsource? Implementing an incident response plan might seem like an expensive task, but it needn’t be. Most organisations already have in place the technology – such as data loss prevention, perimeter defences, and log management – and enlisting the services of a trusted provider is all that is needed to develop the process and people to effectively respond to an incident. An organisation that outsources to a managed security services provider is able to augment the in-house skills of its staff and focus on building and developing its business. Meanwhile, the outsourcer provides the information on risks to enable the board to understand, prioritise and manage risks and make informed decisions. If a business with no in-house capability suffers an incident, a trusted provider that is deployed would be instrumental in developing its incident response plan. It might establish an incident management capability, analyse forensics and contain the incident, provide an incident resolution, wrap up the incident, and deliver an incident report and roadmap. It’s clear that faster, more efficient incident response will help minimise the impact and cost of an incident and protect a company’s data. Lack of a clear plan cost one company over $100K and took over three months to resolve completely. By using a dedicated response team, and maximising the value of existing technology investments, every company can plan and execute a mature incident response strategy effectively. So by the time the “if ” becomes a “when”, you will be able to say that your organisation is better prepared to manage the security incident and be in a better position to deploy remedial action with minimal disruption.

It is therefore crucial to establish policies to share with other

www.vitalmagazine.co.uk | July-August 2014

VitAL Security

How secure is the IoT? The Internet of Things will mean a better-connected world, with huge possibilities for positive change, but also big opportunities for cyber-criminals. Jim Carlsson, CEO of Clavister, says security must be placed at the heart of the next generation of smart connected devices…

you haven’t encountered the phrase before, I fthe Internet of Things refers to the expanding network of interconnected, internet-enabled devices. Driven by miniaturisation, the affordability of components such as cheap Bluetooth sensors, and the growing ubiquity of technologies such as Wi-Fi, it is now possible to connect devices in a way that would never have previously been thought possible.

Our increasingly connected lives To give you an idea of scale, this means that controllers for central heating, lighting, a variety of household appliances from the fridge to your home security system, your satellite TV box, desktop, laptop, mobile and tablet all have the potential to be talking to each other, communicating to a variety of third parties, and to be controlled from a centralised device. This level of Internet connectivity offers a plethora of opportunities to propel us to a more sustainable, energy efficient society as greater control, analysis and insight is presented to consumers and businesses. It’s an opportunity that some of the biggest names in technology have already jumped upon. Apple recently introduced Homekit, a platform that will co-ordinate various third-party home automation accessories, allowing you to unlock your doors or turn on and off your lights via your iPhone. Google, too, demonstrated its interest by paying £1.9bn earlier this year to buy Nest Labs. Already well known for its connected thermostats and smoke detectors, Nest is currently investigating a slew of other applications related to the home – everything from health tracking to security systems.

Opportunities for criminals While this is great, in theory, it should come with a caveat: The more devices that become Internet-

www.vitalmagazine.co.uk | July-August 2014

VitAL Security

enabled and the higher the level of connectivity between those devices, the greater the opportunity is for hackers to cause damage and disruption. If we simply start connecting an increasing number of devices to the Internet without properly considering the security implications, we could hand hackers the opportunity to cut our electricity, flood our homes and pry deeper into our private lives. Indeed we have already seen the first reported attack, which exploited both “smart” household devices and conventional computers. Late last year, more than 100,000 consumer devices, including an Internet-connected refrigerator, smart TVs and multimedia hubs, were exploited to send more than 750,000 spam and phishing emails.

This level of Internet connectivity offers a plethora of opportunities to propel us to a more sustainable, energy efficient society as greater control, analysis and insight is presented to consumers and businesses connected lives and manufacturers will be tasked with adopting a new generation of protection – embedded security.

Securing the Internet of Things

Embedded security is the concept of reducing the footprint of robust security software, enabling it to be embedded into the appliance without impacting on the device’s capabilities. This would facilitate the installation of network-based firewalling, web filtering, application control and encryption capabilities within a very small storage and memory usage footprint, enabling secure networking for a wide variety of devices. The upshot of this would be a range of devices operating on distributed but secure environments.

Now that attacks against these smart devices have begun, they will only escalate and securing this explosion in device numbers will be critical. It goes without saying that, with the potential threats of interception and attack on devices connected to the Internet of Things, a wider spectrum of manufacturers are going to have to consider providing solutions that both connect and are robustly secure.

This kind of advanced security technology will enable IT and communication equipment manufacturers to achieve competitive advantage, differentiation and higher margins for their products by embedding security into IP-enabled equipment such as routers, switches, access points, electricity meters, household appliances and vehicles – in fact, into any device that connects to the Internet.

The majority of the devices used in the attack were not infected by malware, but were simply left open so that attackers were able to use their IP capabilities to relay spam and infected emails. But this incident highlights just how resourceful attackers have become in using unconventional, but effective, attack vectors.

However this will not be straightforward due to the limited processing capability and on board memory that many newly connected devices will have. This severely limits the scope for conventional security software, in turn running the risk of leaving newly connected devices in the security dark ages. For instance, as things stand, security will rely upon users changing passwords and other settings away from defaults, and ensuring the devices are not left open – in the same way that people are recommended to protect their home WiFi networks. Given the increased stakes, relying on such primitive security measures is likely to be futile in the battle against cyber-crime. A new generation of security will be required to protect our

www.vitalmagazine.co.uk | July-August 2014

Be prepared – or prepare to fail The possibility that devices in our homes will become increasingly connected and entangled may seem farfetched and the prospect of a criminal using nothing more than a computer to flood a home an idea from science fiction. As outlandish as the concept of “the Internet of Things” may sound it is inevitably going to emerge – as will the increased threat from hackers. It is therefore critical that we integrate security at an early stage in its evolution, to ensure maximum protection against interception, tampering and attacks. Failure to do so might just be catastrophic.

VitAL Security

Times change, but the threat remains How should organisations mitigate their risk of suffering a damaging data breach? Steve Smith, managing director of Pentura, describes a stepwise approach to the problem…

the early 90s, a National Security Agency (NSA) official I nwrote a memo expressing concerns about how internal

IT staff could be a security risk to the organisation – a risk that was realised 23 years later by NSA contractor, Edward Snowden who disclosed top secret documents to the press, which then went viral.

“It seems amazing that so few are allowed access to so much information – apparently with little or no supervision or security audits,” the official wrote, in a time when few had heard of the Internet, email or had even used a PC. Not every business harbours such a large volume of highly confidential information, but a majority have business-critical and sensitive data, whether it’s intellectual property, financial information or employee records. How many would want this type of information to get into the wrong hands? The consequences of data leaks can be catastrophic in terms of damage to reputation, as well as financial losses, such as imposed fines and lost revenues. It’s estimated that each record leaked can cost around £801 to the business responsible; multiply that by tens of thousands of compromised records and the figure is daunting.

DLP deliberations So how should organisations protect their data and themselves against the risks of damaging data leaks and losses – whether accidental, or malicious? The solution is data loss prevention (DLP). However, many businesses have avoided deploying DLP solutions to prevent data loss, because implementation is often seen as complex and fraught with challenges, involving a series of in-depth processes. First, the information stored on an organisation’s servers and employees’ PCs needs to be audited and classified according to its sensitivity and confidentiality. Then the firm needs to evaluate its exposure to risk, and establish exactly what’s at stake should sensitive data leak. Finally, the business needs to consider the measures needed to counter and manage those risks, in terms of employee training, establishing new policies, controlling access to material and protecting data by encryption or other means. While at first glance these tasks may seem onerous, not all of the steps described have to be taken at once. In fact, many organisations may not need to implement more than a couple of these steps to protect themselves against major risks of data loss.

One piece at a time The most effective data loss prevention strategy is to approach it in bite-sized portions. The first step is to discover what

The most effective data loss prevention strategy is to approach it in bite-sized portions type of information the company holds, and the potential consequences if that information were to fall into the wrong hands. This classification of data helps businesses to understand what their true risk of a breach is. The risk may be fairly low if a company doesn’t hold sensitive data and, as a result, the need for a security solution may also be low. In contrast, many organisations do carry information about clients and partners, as well as intellectual property, which is highly sensitive, in which case solutions such as encryption and identity and access management may need to be deployed.

Who’s using your data? The next step is to monitor how data is being accessed and how information flows around the business. Does remote working form part of business practice? Is confidential data put onto USBs, emailed, or posted to personal cloud storage accounts? How sensitive is this data?’ Are your employees walking around with confidential data without any form of protection or even your knowledge of doing so? Auditing how data is used in an organisation is challenging, so it’s often useful for businesses to work with an external consultancy to help with monitoring the data flows across their networks, and to recommend how data policies and procedures can be set up and managed to maintain security and enforce good practice.

Using people power It’s also important that staff know what the do’s and don’ts are when it comes to sharing information. E-learning resources on data security issues – from use of removable media, appropriate use of email and social media applications, to phishing awareness – are available to help you harness one of the most effective solutions available to organisations: securitysavvy staff. While times have changed, and we all have access to computing power that was unimaginable back in 1991 when that NSA agent wrote his original report, the threat of data losses and breaches remains and is stronger than ever. But with a stepwise approach to DLP, protecting your information assets need not be onerous.

References available on request.

www.vitalmagazine.co.uk | July-August 2014

Assurance is the science of simplification. In today’s overly complex technology world, testing and QA functions must balance the art of perfection with the science of simplification. There exists a way: Tata Consultancy Services (TCS). With TCS’ independent enterprise testing arm, Assurance Services Unit (ASU), you can balance your testing needs and business goals with market-proven, world-class experience, expertise and guidance. Visit tcs.com/assurance and you’re certain to learn more. Or write to us at: global.assurance@tcs.com

IT Services Business Solutions Consulting Scan the code to know about TCS Assurance Services

Cover Story

Approach the cloud with curiousity and caution Following news that the CIO for the Bank of England recently cautioned companies on adopting the cloud, Sophie-Marie Odum speaks to the CIO of Leeds Building Society, Tom Clark, to find out his thoughts on cloud computing…

years to come, people will use the cloud as the “I ndefault position and physical hosting will be the

once’ – carry out proper threat assessments, carefully weigh up whether or not a move to the cloud fits in with the overall business objectives. And don’t always accept blindly what a service provider is telling you, ask the right questions and you will get the best outcome.

As more and more businesses embrace cloud computing for its many advertised benefits, including cost and ease, they have been reminded to ignore promises from cloud providers and independently assess their needs when it comes to adopting the cloud by John Finch, CIO for the Bank of England, at the recent Cloud World Forum.

“Think about the data you are moving to the cloud, where it needs to reside due to data sovereignty, ask about how the provider shares (or doesn’t share) your data and with whom, ask about regulatory requirements and their encryption strategies. Make sure the answers comply with business objectives and principles.”

exception rather than the rule,” said Tom Clark, chief information officer at Leeds Building Society.

John said, “All the vendors will be telling you ‘you don’t need IT teams as they’ll do the heavy lifting for you’. That is sometimes true and there are cases where cloud can be a real enabler. But that doesn’t mean it’s always right. “Think about business models. There are many different variants to how you can scale using other people’s infrastructure. One size doesn’t fit all. The vendors will also tell you there is a financial upside. My answer is don’t let the bean counters tell you how to count your beans, go and see an external accountant.”

The capability that private cloud solutions enable in terms of scalability and swift delivery is head and shoulders above traditional infrastructure

What may on the surface appear as a harsh anti-cloud warning, could actually be sensible advice that companies must heed, says Will Semple, VP of research and intelligence, Alert Logic. He said “[This] message isn’t one of ‘don’t use the cloud’, rather make sure you do your due diligence when working with partners and service providers. This is very sound advice and I would argue that this transcends over any critical business decision; therefore, a move to the cloud should be given stringent considerations. “The problem is, a fair amount of companies look at the cloud as purely a cost-saving exercise and don’t consider the wider implications. One rule to live by is ‘measure twice, cut

Coming from a financial background, an industry typically very conservative when it comes to new technology, especially when it comes to moving data outside of physical boundaries, Tom agrees that it is important to carefully consider what is right for your business. “Choose your partner carefully initially, through performing full due diligence looking at the ‘show and tell’ around their hosting arrangements, discussing resilience, contingency, cyber risk protection, data and backup location (as some will move outside of legal geographic boundaries),” he said.

“This should include discussions with other existing customers of the provider who you would expect would have a similar risk appetite to your own company.”

Benefits of the cloud Discussing the benefits of the cloud, Tom continued, “I think that there are huge benefits, but, at present, a lot of companies are not grasping these. The capability that private cloud solutions enable in terms of scalability and swift delivery is head and shoulders above traditional infrastructure.

www.vitalmagazine.co.uk | July-August 2014

Cover Story

I think that the private cloud, chosen wisely, offers a level of cyber risk protection that cannot be easily achieved independently “This enables a level of flex to cope with spikes in volumes or organic growth that would otherwise turn into traditional IT infrastructure expansion or re-platforming projects with all the lead times, risks and costs that they imply. I think cost reduction overall is a major benefit, when you look at the option of either rack space hosting or in-house hosting, the service model behind cloud takes all of that headache away – and allows IT professionals to focus on delivering value for their business, and not worried about physical kit installation and operation. “Lastly I think that the private cloud, chosen wisely, offers a level of cyber risk protection that cannot be easily achieved independently. I say “chosen wisely” since the cloud itself is not inherently secure, so you need to make the right vendor partner choice that will deliver you the cloud solutions in a secure, robust and resilient manner either as service hosting or providing software as a service. “A cloud solution doesn’t create additional challenges, they are just different. Personally I am very comfortable with our cloud decisions and would recommend others to follow. I think this is just a timing / confidence thing”

Slow uptake? But if the cloud offers such benefits, why are more companies not taking advantage? Security seems to be the biggest speed bump in the road to the cloud. “I see a slow take up when talking with peers, with initial concerns raised from them as being security – but in reality I think there is an element of apathy to do something that could be perceived as difficult,” said Tom.

www.vitalmagazine.co.uk | July-August 2014

“There can also be a reluctance from the technical support staff to relinquish control when they are so used to being able to directly manage their own infrastructure. When you discuss further with companies who have made the leap it tends to be a trigger event that made them seek to migrate to the cloud rather than it being a normal planned event. So things like mergers and acquisitions, current platform obsolescence, significantly challenging timescales for new system delivery, it’s these types of event would all appear to drive people to the cloud as a means to an end, rather than looking at the positives in advance and adopting the cloud in a well-planned approach.” On the topic of security, Tom believes cloud solutions play a significant role in controlling and managing cyber security continued, “If you compare the patching and resiliency needs of traditional infrastructure to that of a cloud solution, whilst the cloud solution is much larger, conceptually from a protection perspective this should be much simpler. “For example, when an OS vendor issues a new patch it should be easier to identify the need and quicker to deploy across a cloud infrastructure than it would be across multiple disparate physical systems. Essentially for a vendor supporting a cloud environment, this approach gives them the opportunity to focus their efforts in one place rather than across many disparate systems meaning that the level of protection should be higher and consistent.” So, is moving to the cloud right for your business? The message seems to be clear – ensure you do your research first to decide what solution would best suit your business needs.

IT Service Management

Managing the stable door Stuart Facey, VP EMEA, Bomgar, examines the ways businesses can effectively control third party access to IT systems…

regularly require third-party assistance M ostwithcompanies the maintenance, installation and troubleshooting of IT systems, whether it’s because they’ve outsourced IT or have vendors who need to access specific systems. The increasing complexity and diversity of IT systems means that in-house support teams cannot be expected to install, maintain and fix all of their IT assets by themselves – so third-party access won’t go away. Up to 63% of data breaches last year were linked to a thirdparty access method, according to the 2013 Trustwave Global Security Report. Following a recent spate of data leaks and network hacks, it’s important for all IT departments to take a closer look at who has access to what on their networks, particularly third parties, to avoid the hefty costs (financial and otherwise) of a data breach. Here are four tips that can reduce the risk of security breaches as a result of third-party access to your systems:

1. Consolidate any existing remote access tools Many organisations lack awareness of what tools third-party service companies are using to remotely access their systems, putting themselves at significant risk. By implementing your own remote access solution, and requiring every third-party and internal employee to use it to access any system, you will greatly improve your ability to monitor and block dubious. As part of this, you can also block remote access from unapproved technologies, such as Remote Desktop Protocol (RDP), a favoured target for hackers.

2. Eliminate shared credentials When vendors and service providers use free or basic remote access tools, they often share the same generic credentials across technicians. From a security standpoint, this can be a big problem. Hackers can get easy access to remote systems by guessing passwords or using a brute force attack. In fact, the Trustwave Report found that, “Organisations that use thirdparty support typically use remote access applications, like Terminal Services (termserv) or Remote Desktop Protocol (RDP), pcAnywhere, Virtual Network Client (VNC), LogMeIn or Remote Administrator to access their customers’ systems. If these utilities are left enabled, attackers can access them as though they are legitimate system administrators.” The Verizon Wireless 2013 Data Breach Investigation Report also found that 76% of network intrusions exploited weak or stolen credentials. If credentials are shared and rarely changed, then ex-employees at the third parties may be able to access your systems long

after they leave the company. To stop this, require unique credentials and two-factor authentication for anyone who logs into your remote access solution. This will reduce the chance of stolen vendor credentials, while boosting your regulatory compliance.

3. Use granular permissions Once remote access tools are consolidated and secured, businesses should review who has access and assign roles using granular permissions. By selecting a third-party remote access solution that includes permission settings by vendor or team, you can designate who can access what systems and when. This is more secure than the traditional “on” or “off ” VPN approach where third parties can access everything on the network, or nothing at all. This ensures that no user has more access than they need, as most third parties will only need to work on one or a small group of systems on part of the network.

4. Create audit trails and set up alerts Preventing attacks is just one side of the story. What should a business do after an incident has occurred? Most companies don’t immediately know they have been hacked. According to the Verizon Report, the majority of breaches take months to discover. To prevent this, capture a secure audit trail of all remote access activity and set up alerts for unusual actions. This includes making sure the trail is captured in a secure place within your own network, rather than stored by the third party. Companies should be concerned about the persistently high level of corporate attacks through third-party remote access channels. When the risk is so acute and the consequences are so great, management of third-party access should be at the top of the list when it comes to security.

www.vitalmagazine.co.uk | July-August 2014

V ITAL executive debates Offering you the key to successful solutions

• One-day event • Monthly • Lunch & refreshments provided • Central London venue • Network with like-minded individuals • Cutting edge content

For more information, contact Swati Bali on +44 (0) 203 668 6946 or email: swati. bali@31media. co.uk

Organised by 31 Media, Publishers of VitAL Magazine www.31media.co.uk

T H I R T YO N E

IT Service Management

Orchestration spans across multiple areas, servers, touch points and services – an approach that is far more in tune with the complex requirements of a modern service management environment the trend for automation in the service management A senvironment continues, and more functionality is automated, the emphasis is increasingly shifting towards orchestration as a means of driving out cost and time to execution. With automation in a typical IT organisation, the focus is on individual areas and tools, whereas orchestration spans across multiple areas, servers, touch points and services – an approach that is far more in tune with the complex requirements of a modern service management environment and its complexities. The way in which end-users are working is rapidly changing,

and the introduction of technology, like smartphones, tablets and an ever-increasing roll call of new gadgets, is breaking down the barriers between work and home life and ramping up the complexity. Elements like self-service, where there is less interaction with service desk staff, are increasingly becoming the norm, as organisations move away from the more traditional service desk-based operation towards a service cataloguedriven one.

Orchestrating the back office When service catalogue offerings are automated a whole range of files in the back office need to be orchestrated. For example, when a user requests a new server, in the back office this

www.vitalmagazine.co.uk | July-August 2014

IT Service Management

simple request could involve seven or eight different activities. These separate processes take place across various automated environments in the back office, calling for a high level of orchestration to deliver what the user requires. Another driver for automation is the kind of “App Store” approach to providing enterprise applications that many organisations are now starting to implement. The end-user can choose their software from the App Store and click on a button to install it. It should be a very simple process for the user, however from the back-end perspective, a job ticket still needs to be logged and the entire service management workflow and lifecycle has to be completed, and that is where to-and-fro-integration and automation comes in. More and more orchestration has been added into service management software products. You could, for example click, on a button to provision a virtual desktop for 10 days. The only thing the end-user sees is a drop-down menu to specify the machine and the duration, but, in the background, the software is taking the request for the virtual desktop to be created; talking to a back end virtualisation tool, like VMWare; procuring the machine; delivering it; and after the 10 days is up, it has to create the mechanism to remove the machine and decommission all the resources it uses. This all takes a lot of orchestration. All the major service management tools have had to address this need for orchestration. Microsoft’s SCCM has a tool built-in to orchestrate a lot of tasks while the HP stack has its own Operations Orchestrator tool built in. These software environments have thousands of pre-built usable templates included that work across products. What this means is that if you have an environment that takes in various databases and backups and tasks, companies are now creating the back end orchestration as a template and bundling it in the tools. Now, when you are looking at a service management tool you can actually have these functions integrated to take care of second-level orchestration. They generally come as a layer between your infrastructure or the services that you offer and the service management front end.

The benefits of orchestration Companies using these tools are seeing many benefits, including reduced costs, reduced time to execute and a range of other advantages. One of the major benefits that adopters are witnessing is a “shift left” in terms of ticket resolution. The L1 team is the front end talking to end-users, while the L2 and L3 teams have increasing expert knowledge, so the more issues that get dealt with at L1 level, the more efficient it is. What orchestration has done in this area is make sure that a lot of the tasks that were originally solved at L2 or L3 level are now being taken care of at L1. As the cost of running L1 is lower than running L2 and L3, the benefits are clear and the skilled L2 and L3 staff are freed up to work on more important tasks. A good example of the savings that can be made is when a

www.vitalmagazine.co.uk | July-August 2014

new person joins a company. Perhaps there are 20 tasks that need to be undertaken on the IT side before the new member can get to work. If these jobs are tackled in a completely orchestrated way the time for the tasks could be reduced to a minute. Businesses are really seeing value, both from a cost, speed and handling perspectives.

The cost of orchestration While the benefits of greater efficiency, time and cost reduction should be paramount, some organisations have had concerns about the often prohibitive costs of investing in orchestration tools. The good news is that when delivered under an OPEX (operation expenditure rather than capital expenditure) model the value can be more easily demonstrated. There are still however sometimes challenges persuading the budget controllers at board level that this is the case. Those that choose not to follow the SaaS path could find themselves facing challenges in terms of resourcing, especially finding staff with the skills and experience necessary to understand and configure orchestrated systems. There are also often security and compliance concerns for anyone embarking on complex automation projects. When there are many levels of automation it is often the case that the security experts don’t like it. They want checkpoints throughout the process, so visibility is crucial. Processes and procedures need to be adhered to and measures and incidents need to be logged and reported in a particular fashion so that the compliance is covered.

The future of orchestration Although not a new trend strictly speaking, operations orchestration is now really starting to gain traction in the service management and infrastructure management fields, and there’s a lot of integration going on in both areas. Increasingly, as organisations move more of their IT into the cloud, and set up their own private clouds, there needs to be orchestration layers running all the handshakes and fielding requests between the cloud and the physical network. Looking forward to the near future, we are probably going to see a fully automated virtual service desk with automated request service fulfilment, as well as a lot of automated call resolution without human intervention. Employees will, for example, be able to call or log in and say, “I am not able to access the corporate portal” and the service desk recognises the problem, and gives that information to the orchestration layer. The automated system will then go and check the 10 components that are required for the service to be up and running, before activating the one that is not running, quickly reinstating service. This means the complete request cycle of service delivery would take place without any human intervention. The future may well be automated, but it’s the orchestration of those automated systems that will deliver the true value.

Cloud Computing

Questions for your cloud service provider Stephen Coty, chief security evangelist for Alert Logic, walks us through the security questions you should ask your service providers, and how to get the most out of the relationship while maintaining the highest levels of security… is the only way forward for the cloud; it’s the E xpansion ideal platform to support businesses due to its ondemand capacity, scalability and – equally as important – it’s flexibility.There is an array of benefits, which range from financial advantages (which of course keeps the finance team smiling) to not having to be preoccupied with the issues of installing and maintaining hardware in data centres that don’t have the sufficient capacity, power or cooling (so the IT team is also happy). Delegating everything on to a cloud provider that promises it will take care of all areas from performance and storage to email is definitely an offer, which is hard to refuse. However, these factors aren’t the only ones you should be considering when undergoing a cloud project. It is the due diligence of companies to be certain that it is the right move for their business. The scale of information as well as the type, which is being placed within a cloud provider’s infrastructure, needs to be thought

about. Therefore, whether a business is about to make the move to the cloud, or even after they have, it is necessary for a business to give importance to the security of the data that they are placing in the cloud.

Reasons to consider security • The same type of attacks that target on-premise data centre environments are migrating to the cloud Attacks which were once typical to on-premise centres – like malware, botnet and brute force attacks for example – are now also honing in on cloud environments. As the amount of user applications moving to the cloud increases so will malware and botnet attacks. • The breadth and depth of attacks shows threat diversity in the cloud is on the rise The variety of attacks that are in existence, and are a threat to companies in the cloud, has increased this year to rival that of on-premise data centres. Companies should be just as attentive with the sophistication of their security in the cloud, as they would normally to protect their data.

www.vitalmagazine.co.uk | July-August 2014

Cloud Computing

Whether a business is about to make the move to the cloud, or even after they have, it is necessary for a business to give importance to the security of the data that they are placing in the cloud • The solutions classically relied upon to combat these threats aren’t sufficient In order to determine the efficacy of security solutions like anti-virus programmes in major public clouds globally, new patterns of attacks and emerging threats were noted through a honeypot project. An observation that was particularly interesting yet disturbing was that 14% of the malware collected was considered undetectable by 51% of the world’s top anti-virus vendors. The good news is that there is so much that companies can do in order to protect themselves; firstly they need to be educated on what their business and applications require from a security and compliance standpoint.

Questions to ask: In order to be confident that the provider takes the security of your data seriously, make sure that the cloud service provider can answer the following questions with confidence: 1. What is their data encryption strategy and how is it implemented? The ideal method for protecting significant data is encryption; rendering data unreadable to those who are unauthorised. Preferably, the cloud service provider is knowledgeable in who controls the keys and what standard of encryption is used. 2. What is the hypervisor and provider infrastructure patching schedule? As mentioned before, exploits like malware keep rising, so it’s critical that the provider updates and patches the infrastructure frequently. This aims to minimise the threats to their customer’s data. 3. How do you isolate and safeguard my data from other customers? As a consequence of the huge capacities, providers (unless privacy is specified) will house data for multiple companies. You should inquire how they segment the data, what controls they have in place to prevent accidental sharing and how the controls are executed.

4. How is user access monitored, modified, and documented? It’s necessary to know who is accessing the data to prevent it being compromised. A separation of duties needs to be in place so the provider’s administrator doesn’t have complete authority and control over your data. It’s important the provider can give a concise and clear documentation and reporting. 5. What regulatory requirements does the provider subscribe to? There are several regulatory controls a provider can stick to, to show best practice and compliance. If it sticks to industry standards, it’s a good sign that they take the integrity and security of your data with seriousness. 6. What is the provider’s backup and disaster recovery strategy? Find out what the track record is in availability and ensure there is transparency into its infrastructure. Make sure the boundaries have been defined and everyone knows their responsibility; it could be that you are responsible for the backup of your own data. 7. What visibility will the provider offer your organisation into security processes and events affecting your data from both front and back-end of your instance? This is a key part to security strategy, particularly from a forensic and audit point-of-view. In the case of an incident occurring and needing to be investigated, you must know every piece of information available to figure out how and why it happened, and, more importantly, how the action was immediately solved. So, your provider should be able to inform you how it follows this process and how you are kept alerted in these situations. These are just a fraction of questions you would want to ask the provider relating to the security of your sensitive data within the cloud, whether you’re commencing a new project or have been with one for many years. Depending on the answers given, you can select the cloud platform that makes the most sense and is the most transparent on their security offerings. The degree of competence of the answers given will help you judge just how secure your data is with that cloud provider, and how seriously they take the security of data that is imperative to your business.

References available on request.

www.vitalmagazine.co.uk | July-August 2014

Cloud Computing

Can cloud power the future UK tech economy? VitAL Magazine reports on a recent event that looked at the cloud’s role within the UK tech economy…

“T

he future”, “Not the future”, “The use of computing resources”, and “Dead” were just some of the definitions that followed the phrase “Cloud computing is...”, which were shared at a recent Dell Cloud Services roundtable event. The event intended to explore whether the cloud can power the future UK tech economy by providing a platform for innovation and profitability. It was revealed that although the UK is starting to make its mark with successful technology startups in niche sectors, it is still struggling to compete with its bigger brother across the pond from a revenue and scale perspective. According to research from 451 Research, the US accounts for 61% of the global spend on cloud as a service, with the EMEA at 22%, APAC at 14% and Latin America at 3%. But, on the other hand, according to a recent report by PwC, London has been named as the world capital for business, ranking top for its technology readiness. As Ed Vaizey, Minister for Culture, Communications and Creative Industries has commented, “Tech City is a big signal that Britain is open for business”. Clearly, the UK has the infrastructure, reputation and the skills to become the new tech hub of Europe, and the cloud could play a huge role in expanding the UK’s tech offerings, so where does the future lie?

Dissecting the cloud Looking at the business benefits of the cloud, Steve Edkins, CEO of FusionExperience, said, “From a small startup, our own infrastructure could be set up very quickly in the cloud, without having to spend lots on hardware.” Whilst Siddharth Singh, head of programmes at Pivotal Innovations, added, “Cloud not only gives the ability to set up networks and systems quickly and easily – It also gives flexibility and control as well offering startups immense scalability and processing power.” Given the “power” that cloud brings, it’s surprising that uptake in the UK has been slow. Perhaps people simply aren’t ready for change, as Mark O’Conor, UK manager partner at DLA Piper, said, “On the flip side, people talk about cloud as a disruptor in a good way, but it’s also change from a cultural perspective. Some of the large banks, or those in the public sector believe that the best practice is previous practice. You don’t want to be the latest tech nightmare. There is so much to harness, but you need to get the people on side first.” In addition, within organisations, other factors like regulation, security or even company politics can slow the process down – the CIO will have different requirements to the CMO, for example, and all these needs have to be met within one solution. There are many rules around data storage, so particular industries such as banking and finance need to consider compliance. This bureaucratic process often delays matters and approvals can be slow. Will Fallows of 451 Research said, “The issue is that with cloud, there is a process change so once it’s in, you won’t get rid of it. That’s part of the reason around ‘shadow IT’, and use of resources

beyond the IT department happens in all organisations. “CIOs that support them develop ways to franchise these activities within the organisation, spread the resources legitimately around the corporate IT estate. Roles are changing from chief information officer to chief innovation officer.” Security is another important consideration for any business; whichever solution is chosen has to be hacker-proof. Will added, “Security is a huge issue. Security of the assets, data protection, governance piece, drives a huge range of conversations with enterprises. “Businesses want to understand where the data is going beyond the firewall. That’s where the conversation around data sovereignty has circled back into view. From our experience with end-users, it has gone from one of reaction to one of prevention. Whether we like it or not, it’s become real in the minds of organisations that are looking to ensure they maintain governance environments and so on.” The participants also discussed how companies are influenced in their cloud buying decisions – suggesting that peer review is becoming increasingly important, particularly for startups. The discussion concluded by proposing that in order to make more money from cloud in the UK, perhaps all we need is to become better at promoting our businesses, particularly online.

Cloud computing on the rise The rise of cloud computing seems to be inevitable and therefore could play a very significant, positive role in boasting the UK tech economy as it offers local businesses a platform for innovation and profitability. Additionally, from a pure geographical perspective, our proximity to Europe coupled with an innovative spirit, offers US and other global entrepreneurs a launch pad from which to expand their business and IP into Europe. An increasing number of businesses in various sectors, such as gaming, digital media, financial services and manufacturing are using cloud as an integral part of driving their business model. The time is ripe therefore for the UK to jump on this bandwagon and start competing for a place in the future of cloud computing.

www.vitalmagazine.co.uk | July-August 2014

V ITAL INSPIRATION FOR THE MODERN BUSINESS

Subscribe for FREE! News, views, strategy, management, case studies and opinion pieces

www.vitalmagazine.co.uk/subscribe

INSPIRATION FOR THE MODERN BUSINESS

INSPIRAT ION FOR THE MODERN BUSINESS

An “augmented” future for wearable computing

Changing the perception of IT

Can you envisage all the possibilities?

The lack of women in IT is a real threat to the UK economy

T H I R T YO N E

www.31media.co.uk

VitAL News Feature Major software glitch at the heart of the Internet

IT Service Management What does the future hold for ITIL?

2014

VitAL’s 2014 Predictions:

INSIDE

VOLUME 8 | ISSUE 4 | JULY - AUGUST

Are online IT training courses the answer?

VOLUME 8 | ISSUE 3 | MAY-JUNE 2014

VOLUME 7 | ISSUE 6 | NOVEMBER - DECEMBER 2013

INSIDE VitAL Report

Looking back on 2013

Published by

V ITAL V ITAL VOLUME 8 | ISSUE 4 | July - August 2014

BUSINESS

V ITAL

VOLUME 8 | ISSUE 3 | May - June 2014

VitAL: INSPIRATION FOR THE MODERN

VitAL: INSPIRATION FOR THE MODERN BUSINESS

VOLUME 7 | ISSUE 6 | November-December 2013

INSIDE VitAL News Improving IoT security

VitAL Security

How secure is the “IoT”?

How well do you know cloud computing?

VitAL Management

How are chatbots changing modern business? It was recently reported that a chatbot passed the Turing test by fooling people in a text conversation that it was a human. Very impressive, but what implications could this have for businesses? How far away are we from this technology being an everyday reality? Asks Nick Chowdrey, technical writer at accounting firm, Crunch… Intelligence is a concept that’s fascinated A rtificial humanity for decades. Coined in 1955 by American computer scientist, John McCarthy, as “the science and engineering of making intelligent machines”, artificial intelligence (AI) has already affected modern living in many ways. In 2014, we’re closer than ever to making the science fiction fantasies of yesteryear a reality. There’s no doubt that AI could potentially have a huge impact on modern life, but what effect will it have specifically on the way that we do business? In early June 2014, The Guardian ran an article that boldly stated, “Computer simulating 13-year-old boy becomes first to pass Turing test. ‘Eugene Goostam’ fools 33% of interrogators into thinking it is a human, in what is seen as a milestone in artificial intelligence.” The Turing test was proposed by Alan Turning – a brilliant English

mathematician credited with breaking the Enigma code in World War II – in his 1950 research paper, entitled Computer Machinery and Intelligence. The test is simple: a human interrogator asks multiple questions of both a human and a machine and has to guess which one is which. Although technically Eugene was the first “chatbot”, as they’re known, to pass the test by fooling a third of interrogators, the scientific community responded with scepticism, doubting that this was a “big leap forward”. Many experts said that the test, now 64 years old, could not be seen as a definitive measure of artificial intelligence, because it only tests a machine’s mechanical ability to deceive humans, not necessarily to think for itself. Nevertheless, more and more companies are today using chatbots to replace traditionally human roles or to enhance their customer experience. How intelligent are these bots, exactly, and how are they being used in modern businesses?

Virtual agents Maria Ward is head of web services at Virtual Zone, a digital services company, which specialises in providing business chatbots or, as it calls them, “virtual agents”. She says that Virtual Zone’s clients are highly satisfied with the results they get from virtual agents. “Our most successful project to date in terms of technology and number of users is LISA on the National Rail Enquiries (NRE) website. LISA has many conversations and answers thousands of questions every day. At times of severe

www.vitalmagazine.co.uk | July-August 2014

VitAL Management

At times of severe disruption, the number of users increases enormously. On one of her busiest days, she answered over 32,000 questions, saving NRE hours on the phones disruption, the number of users increases enormously. On one of her busiest days, she answered over 32,000 questions, saving NRE hours on the phones.” According to its website, Virtual Zone’s agents “can answer your customers’ questions 24 hours a day, seven days a week, helping them find the information they need and taking them to pages within your site”. This is achieved using sophisticated word and phrase recognition technology to give the impression of talking to a “real” person. Virtual agents work because they are programmed to recognise a very narrow band of popular questions commonly asked by users. They then either give a direct response, or suggest relevant pages to the user. Any kind of question that falls outside this category is met with “sorry, I do not understand.”

Why not just use website FAQs? It begs the question: what makes a virtual agent any better than just a searchable FAQ? Amy Stapleton, AI industry analyst and editor of the Virtual Agent Chat blog, said, “Web users generally prefer the easiest and quickest way to obtain the information they seek. Website FAQs are typically hard to locate and difficult to navigate. Even searchable knowledge bases are cumbersome and can be frustrating to use. FAQs and knowledge bases don’t work well on mobile devices either. “The idea behind virtual agents is that they provide web and mobile users with an experience that’s nearly as good as talking to a human service representative. Talking to a human is almost always preferred, when possible, whereas searching an FAQ page is the least preferred method of getting information. Engaging with a virtual agent is therefore somewhere in between.” This being said, there have been incidents when using virtual agents to respond to customers over social media has gone horribly wrong due to an obvious lack of tact. This is made even worse because the replies are public. For example, in 2013, a group of protesters occupied the space outside of Bank of America in downtown New York and posted pictures on Twitter of some graffiti, mentioning @BofA in the posts. The Bank of America chatbots arming the social media channel at the time responded to the protesters’ lamentations like mindless automatons, replying to tweets with messages like “Hi, I work for Bank of America. Anything I can do to help?” and “We are here to help, listen, and learn from our customers and are glad to assist with any account related inquiries.” This is the perfect example of just how far away we are from true artificial intelligence solutions for businesses. There is, however, one company that’s making leaps and bounds in the right direction.

www.vitalmagazine.co.uk | July-August 2014

Introducing Watson Tech giant, IBM has been busy developing an artificial intelligence program, named Watson after their founder, Thomas J. Watson. Watson is light years more advanced than your standard chatbot, because it has the ability to learn and respond to unstructured content. This means it can more easily converse with humans in a natural way, recognising slang, idioms and even puns in text. The program was shown off in public in 2011 on the American TV show, Jeopardy! when it played against two of the show’s most successful players. Jeopardy! was chosen for its highly complex questions and incredibly intelligent champions. Astonishingly, Watson managed to win the contest, eclipsing the other two contestants by three times their scores. The most astonishing thing about this victory was that Watson wasn’t even connected to the Internet during the game. He instead had accumulated knowledge through playing test games against other players and learning how to answer the questions. One of the ways IBM say Watson can be used is as an “engagement advisor”. Similar to the virtual assistant discussed above, Watson would be the first point of contact for general customer questions. The difference is that Watson is able to analyse all of a company’s data, in order to cover the widest range of questions possible. This is a lot more advanced than having to program all the data in yourself, and leads to a broader and more efficient experience for the user. Along with Watson’s enhanced language abilities, this gives customers a far more efficient and human-like experience.

The future of AI So what’s next for Watson and the future of AI? I asked Mark Bishop, Professor of Cognitive Computing at Goldsmiths University, what the picture would be like in 10 years time. “The symbiosis of Watson and humans working and interacting together promises to open up a whole new way of doing science, art and business and it is tantalising to imagine what might be achieved in 10 years should Watson be made available for everyone to interact with, say, via the Internet,” answered Professor Bishop. “Certainly the use of Watson in business is already being explored in the search for new cancer drugs. From this position, the business case for the so-called ‘Deep AI’ project, which includes Watson, already looks very bright indeed.”

VitAL Management

Is endpoint management dead? Ashley Leonard, CEO,Verismic, looks at how endpoint management can combat modern business challenges such as BYOD, shadow IT, IoT and multiple device ownership, and how it is moving to a cloud-service and reducing the burden for IT teams...

Endpoint management technology can counter shadow IT and support BYOD practices by first discovering what devices are connected to the corporate network IT managers will tell you that device management M any – for PC, laptop and tablet fleets – is already dead. Info-tech analyst, Mike Bassista agrees recently suggesting that “organisations should treat IT as utility: any endpoint should be able to access the applications and services needed by its user. And like the power company doesn’t need to manage light bulbs receiving electricity, IT doesn’t need to manage endpoints receiving IT services.” But, to the contrary, I really believe device management is more important now than ever before.

New challenges Employees viewing IT as non-responsive are actively purchasing hardware and software behind the backs of the department.

End-users are bypassing rather than engaging IT. A 2014 survey by Stratecast/Frost & Sullivan of 300 employees in organisations in the United States, United Kingdom, Australia and New Zealand found 80% of respondents admitted to using nonapproved SaaS applications in their jobs. Shadow IT is creating a hidden, growing pool of assets, which companies own, but are unaware of. This creates a legal, security and compliance risk. Imagine a scenario where a CIO or CEO signs off its Sarbanes Oxley report to say devices and networks are secure, but in reality their marketing manager has downloaded software to a company PC, which is leaking records data to the Internet. Of course the main concern around shadow IT is that it’s just the beginning. As more individuals trust cloud-based software and services, it is likely that growing numbers will bypass IT and download applications without thinking. The risk of data leakage

www.vitalmagazine.co.uk | July-August 2014

VitAL Management

grows significantly with increasing trust in the cloud.

Like the power company doesn’t need to manage light bulbs receiving electricity, IT doesn’t need to manage endpoints receiving IT services

corporate network, and pose a greater risk of data leakage.

Mike was really referring to BYOD in his statement, “…like the power company doesn’t need to manage light bulbs receiving electricity, IT doesn’t need to manage endpoints receiving IT services.” I don’t see it this way because the humble light bulb doesn’t present a major risk to the building within which it is fitted, but user-owned devices do present a risk.

Endpoint management technology can counter shadow IT and support BYOD practices by first discovering what devices are connected to the corporate network. Second, the technology can run an inventory to understand what software is being used and by whom. Third, it is possible to patch and manage those devices and applications with the correct permissions in place.

Any organisation with a BYOD policy in place will still want to know that a device is operating securely when connected to the corporate network – that it does not present a security and compliance loophole.

Not all endpoint management services are the same

Of the few companies actually adopting BYOD policies, they’re realising it increases the need for endpoint management, not reduce it. Devices connecting to a corporate network still need to be checked for unlicensed and un-patched software in order to protect the organisation from security threat and compliance breach. It’s also important to remember that the number of devices we all own is increasing too, I bet you’ve got at least three?! I know the PC market is doom and gloom – I’ve read the reports. IDC says global PC shipments are expected to fall etc, etc. The mobile is a secondary, if not tertiary device. Have you ever tried working an eight-hour day on either of these devices? The laptop at least is not being replaced, but is being augmented by tablets and mobile devices. Employees are accessing all of these devices throughout their working day and beyond. The Internet of Things (IoT) is also an intriguing development – a potential evolution of BYOD. Employees may choose to bring personally owned, internet-connected devices, such as watches, cars, glasses etc., into the workplace. The IT industry is getting excited with analysts like Gartner predicting massive growth in this area. It says IoT, excluding PCs, tablets and smartphones, will grow to 26 billion units installed in 2020 representing an almost 30-fold increase from 0.9 billion in 2009.

What should IT managers do? Assuming WiFi and corporate networks are secure, the usual anti-viral / firewall protection is in place what should IT managers be implementing? Well, in the case of IoT, maybe not worry about it! These small items are unlikely to pose a major threat to the organisation particularly if it is running basic WiFi security procedures. As long as the network is configured correctly, then any security threat will be minimised. However, IT managers should be worried about those unknown, unmanaged and unpatched PCs, macs and tablets, which have a greater likelihood of being connected to the

www.vitalmagazine.co.uk | July-August 2014

If, like me, you can see that endpoint management is very much alive and necessary, there are five things to consider before deployment: 1. Cloud-delivery IT managers – and specifically those in large organisations with disparate sites – must be able to discover, patch and manage devices remotely. It’s not realistic to expect the IT manager to visit every site to load the endpoint management software. 2. Rapid discovery If the process of discovering devices takes days or worse weeks, it’s a waste of time and a security risk. IT managers should look to partner with a vendor or MSP that develops an endpoint management service, which can work within minutes. 3. Reduce burden If the endpoint management service actually adds a permanent layer of software code to each device, it is making more work for the IT manager, who will have to maintain the very code he or she has deployed. 4. Secure An endpoint management cloud service needs to segregate customer data, use Secure Sockets Layer [SSL] to encrypt / protect data in transit and use security certificates between servers and client devices to build a chain of trust to secure the flow of data. 5. Development roadmap Vendors must be able to clearly communicate the future of the service, which devices it will be able to identify, manage and protect now and in the future. Endpoint management is more vital now than ever before. The devices we all carry into work are changing and increasing in numbers, but the laptop isn’t going anywhere soon (anymore than the TV will be ousted from our homes). Managing endpoints is essential to combat shadow IT, police BYOD and help organisations focus on what is important.

VitAL Management

Emotional computing: Part 2 As a follow up to his article on emotional computing in the March/April issue, Abhijit Telang, founder of Loneous Software, looks at the possibilities in synthesising emotions in systems based on observed performance and ongoing interactionsâ&#x20AC;Ś

The first step is to build an entity model of emotions.This can be simplistic at the start, but will be crucial to represent emotions, how they are laid out and how they progress depends on knowledge of events emotions based on system-system or systemS ynthesised user interactions can provide a new plane through which new insights can be discovered.

Emotions are, in a way, analogous to a lightning strike: they are felt rapidly, in an integrative fashion, and have branching pathways.

Such a feat promises to empower next generation systems to empathise with the human emotions at various points in time, and this, in turn, will enable us to readily query and discover both positive and negative emotions along execution. This is certainly possible, if not easy, and in this article, we will consider how.

We can analyse emotions into broadly three aspects, which will govern the eventual pathway:

However, emotional pathways are not random, and there is a rationale behind branching out. As discussed in the last article, emotions and rational analysis are inextricably linked as emotions drive analysis and progression with the latter generating more emotions as a by-product.

â&#x20AC;˘ Genre: What is the nature of the emotion? + Or â&#x20AC;˘ Category: What type of emotion? Anger, disappointment, joy etc.

www.vitalmagazine.co.uk | July-August 2014

VitAL Management

• Intensity: How strongly felt? In addition, the progression would be in fourth dimension, that of time.

Conventional monitoring By leveraging conventional monitoring and control techniques, we can monitor delays, lack of compliance, and violation of norms. However, what one might “feel” is not apparent. So, can the system “empathise” with its users based on its interpretation of information? Can it change course based on that? What is heartening is that emotions at various monitored points can be “synthesised and probed” in the same way performance related information is by leveraging the existing monitoring infrastructure. In its simplest form, a threshold based approach with probes in the right places, can help achieve this by analysing whether the observed value is above or below given threshold and by how much. The thresholds can therefore be about: • Extent to which objectives are met, exceeded or have been missed. • Perception of resources (time, money, people, equipment) at hand. The emotions to be “felt” by the system can be based on our everyday desires versus actual comparisons against such thresholds.

A taxonomy of emotions To synthesise emotions, the system will need a reference to boot from and build on and needs to be equipped with an emotional taxonomy to record the most common emotions in their contrasting and complimentary effect. Let’s dig a little deeper.

Aspects of taxonomy: • Genre Genre can be thought of as a representation of either positive or negative emotions. This will enable systems to choose a “path” towards “feeling” the outcomes of processes or tasks. This answers the principal question, which a user may ask. “I have seen a development, or a trend, should I feel good about it or bad?” Measured performance should guide the system about which “pole” to climb on: positive or negative? The system can also lay out a progression path, as data based outcomes are revealed from execution. • Contrast Once, the system is on the right pole, it needs to decide on the exact type of emotion to be “felt”? Here, it will be aided by taxonomy, to layout the commonly felt contrasting emotions. By doing this, we are letting the system think in terms of

www.vitalmagazine.co.uk | July-August 2014

emotional contrasts such as disappointment or satisfaction, anticipation or despair etc. • Intensity This aspect focuses on how strong or intense a feeling is for a particular emotion. For instance, one can feel mildly disappointed, miffed or enraged as far as missed targets are concerned. Intensity would in general, be proportional to the extent by which goals have been met, exceeded or missed.

Emotional paths Once the system knows the overall feeling, the specific emotion type and the intensity of it, it can look at the overall trend. More specifically, an emotional path during a given time, can provide an answer to: “How have my emotions successively progressed throughout a given time, and how rapidly?” What could be even more promising is the system could also decide on how to cure what it feels. This may require the system to undertake actions that would possibly, first “change the poles” and then climb the specific emotional states all the way up to satisfaction. It can do so based on comparing with a set of what can be called “emotional signatures”. For instance, an ideal emotional path for enabling a new functionality can be: Curiosity » Desire » Motivation » Adequacy » Confidence » Achievement » Satisfaction Wherever the current state has fallen on the “wrong pole” or may have descended on it, or perhaps is lacking in intensity, it should provide a new set of intentions to initiate corrective actions. The system can now generate what can be called the motivation for state change. This brings us to the next component to have...

Rule sets for establishing emotional paths Rule sets built in advance and tuned frequently can empower the system to synthesise emotions, and observe deviations against the desired emotional reward path. The information sources can be what we already have such as HRMS, BI, ERP, Process Engines and other infrastructure platform layers. We are now leveraging the existing infrastructure to estimate the possible emotional reactions and the system can process the emotional paths just as it processes rational paths. So, with knowledge of the desired reward path, the system can set itself on a correction course by continuously evaluating feedback until a synthesised reward is received.

Conclusion Synthesis of emotions derived from system-system and systemuser interactions is very much possible. It promises to unlock a whole new way of looking at the overall performance of the system, considering the set expectations, actual outcomes and behavior during operations. Moreover, it may also open up further possibilities of empathetic systems and components that may undertake autonomous behavioral corrections to achieve the desired emotional state.

VitAL Management

Managing mobile resources in service delivery John Cameron, general manager,Trimble Field Service Management (FSM), provides best practice advice to field service businesses around how to manage their mobile resources effectively…

companies managing a large field service M any workforce operate in industries that require highly

skilled individuals, whose work is variable and complex in terms of location and task. Add in a high degree of compliance-focused work and that means that field service work has become increasingly mission-critical in terms of timing, skills and consequence.

However, with market competition and customer expectations at an all-time high, it is more important than ever that organisation’s ensure that their field service is not derailed by unpredictable dynamics of the working day. Understandably, the biggest area of concern for those in field service is workforce management and 69% of organisations are investing in technology to help manage jobs more effectively.

Expert insight: Defining the challenges Establishing what it takes to manage a large field service operation today, from managing the people and scheduling the work to the technology that helps to drive efficiency, is essential and requires organisations to overcome a number of obstacles, including:

The biggest and most repetitive challenge facing organisations managing a mobile workforce is cost and this is closely related to a secondary challenge – the role of the technician in the business • Traffic congestion and vehicle breakdowns causing delays or even failure to meet an appointment. • Workers potentially calling in sick, starting late or getting delayed can impact adversely on the productivity of the workforce. The biggest and most repetitive challenge facing organisations managing a mobile workforce is cost and this is closely related to a secondary challenge – the role of the technician in the business. The technician is often the only contact a customer has with the company and therefore exposure to the company’s service

• Jobs overrunning if they are more complicated than first thought.

www.vitalmagazine.co.uk | July-August 2014

B US I N E S S SOLUTIONS

Empower the end user. Introducing MyIT, a seamless way to deliver self-service IT and put your users in control. It’s the fastest way to give your users something to be happy about, while freeing up IT to make an even bigger impact.

MyIT means happy users and more productive IT MyIT is a consumer-like app that transforms business users’ IT experience. It's easy and intuitive, IT users will actually want to use it... Finally, a modern enterprise solution that helps business and IT work together. FInd out how Fusion Business Solutions can help you integerate BMC MyIT to meet the changing demands of service delivery with a new approach to IT self-service. For more information, visit www.fusion.co.uk/try-myit today and to request your free trial. Contact Parm Powar at Fusion for further information on +44 208 814 6162 or email parm.powar@fusion.co.uk

About Fusion Fusion is a Service Management and IT Operations specialist that uses our highly experienced and trained staff to help IT organisations improve their service performance, quality and efficiency. We are a trusted advisor to over 200 organisations helping them transform their IT departments using world-class IT Management software from companies like BMC Software. We have offices in England, France, America, Bulgaria and India. We help organisations transform and improve their Service Management and IT Operations processes to gain superior performance and efficiency through advisory and strategy services like Benefits Realisation, Service Transformation, Data Centre Optimisation and Green IT Consulting. We help organisations "industrialise" their IT Operations to improve productivity.

+44 208 814 4888

fusion.co.uk

info@fusion.co.uk

@fusion_ITSM

VitAL Management

Intelligence is at the heart of scheduling with over half of organisations using service performance data to evaluate the effectiveness of scheduling criteria

delivery and brand. With a proven link between customer satisfaction, retention and profitability, how the technician interacts with the customer can be significant in the customer experience. The challenge facing organisations is therefore around the role and responsibility of the technician. An additional challenge is measuring service performance, suggesting that the old adage of you cannot manage what you cannot measure certainly rings true. Measuring what is happening in a hugely diverse workforce and identifying what the key metrics are to do that is essential. Ultimately you need to understand what has happened and you want to know that “now” to use that data to enable real-time decision-making.

Finally, managing change and embedding best practice is core to a successful field service operation. Organisations often wrestle with this change on a regular basis from all sorts of areas, whether it is new technology, new people, new policy or new vans and equipment. In a remote workforce, managing change and making sure that it sticks is particularly difficult, due to their activities, but finding a way to embed change and making sure that best practice is shared across the workforce is a key success factor.

Putting workforce management technology into action Reassuringly, developments in workforce management technologies have begun to offer a solution to these challenges, through intelligent scheduling tools and performance management analytics. This capability provides the stepping stones needed to help organisations measure, manage

and improve their operations through optimising resources, offering real-time visibility and monitoring and giving warning of tasks at risk or showing the impact of work allocation decisions.

Traditionally, many organisations scheduled tasks based on a technician’s allocated territory, but with today’s most common customer complaint being that a technician did not resolve the issue on a first visit, scheduling the most knowledgeable technician to a task or one who has the right tools or parts in their vehicle, is crucial. As a result, more and more organisations are beginning to realise the value of intelligent scheduling – incorporating technician knowledge, parts availability, and capacity into their scheduling processes to ensure that the technician arriving on site is actually the person who can resolve the customer’s issue the first time. Aberdeen Group found that intelligence is at the heart of scheduling with over half of organisations using service performance data to evaluate the effectiveness of scheduling criteria. Self-learner tools can also help considerably with intelligent scheduling. They incorporate an algorithm that quickly learns preferences for each mobile worker and will allocate tasks accordingly. This includes geography, such as which mobile workers normally service particular areas, and what skills mobile workers have and to what degree they are qualified to do certain types of work. Such capabilities help to improve customer service as tasks can be scheduled to best meet Service Level Agreements (SLAs), produce efficient routes to reduce travel time and ensures work is only given to those with the right skills, carrying the right assets and tools.

A case in point: Pacific Telemanagement Services (PTS) Justin Keane, chief operating officer at PTS, drove change in the organisation after recognising a need for additional effectiveness in its scheduling processes. Every morning the company would give a batch of tickets to its technicians for their assigned regions and would see what they could get done in a day. Technicians would print a list of their tasks and spend half an hour planning routes based on their own knowledge of the area. They tried using a map to sequence the stops, but that took about an hour a day for each of the eight regional hubs, which is eight hours a day just to build the routes. With these scheduling problems having a detrimental effect on the company’s productivity and growth, it sought a solution that would allow it to become more efficient and reduce or eliminate the time required for scheduling.

www.vitalmagazine.co.uk | July-August 2014

PTS deployed a field service management solution, which allowed dispatchers to view all their tasks and schedules in one place. This has reduced the time that dispatchers spend on routing from three hours a day to 45 minutes a day – an efficiency saving of 75% or about 11 hours a week. Additionally, since the technicians no longer needed half an hour a day to plan their own routes, it has saved more than 200 hours per week of their time and job completion rates have increased by 10%. PTS has expanded its field service technology to all of its regions and this has made the company more productive, which means improved efficiency, happier customers and a more positive bottom line.

End-user Story

Direct approach to improving support services learndirect shares with VitAL Magazine how it was able to improve its customer service and operational efficiency with a new technical support desk…

in 2000, learndirect is the UK’s largest provider L aunched of skills, training and employment services. Since then it

has helped more than four million people to gain the skills they need for work, as well as helping 75,000 businesses to equip their staff with the skills needed to succeed. More than 10,000 people log on to learndirect every day and around 20,000 apprentices learn with the company each year. learndirect wanted to provide a higher level of dedicated, remote first line support to external clients such as learners and remote tutors, via a new technical service desk based in Leicester. The aim was to provide the new team with the tools to enable first time, fast solutions for their learners and, in turn, reduce the number of escalations to its second line support facility in Sheffield, thus allowing them to focus on more complex and time intensive issues. A key requirement was to provide a more flexible and adaptable environment, compared to the service centre’s existing “locked down” thin client solution, whilst also maintaining access and security requirements. The new team also needed to have the ability to switch between multiple operating systems, so that technicians could support endlearners more effectively by replicating their operating environments. learndirect service delivery manager, Alex Panizzi, said, “The objective was to set up an environment which was more suitable for supporting technical issues, and therefore be able to provide a better service for our callers at first point of contact.”

The solution Commenting on learndirect’s long history with Damovo, Alex added, “We wanted to extend the existing services which Damovo had provided, but tailor these so that the solution would meet the needs of a technical service desk. We therefore asked them to provide a flexible, secure and cost effective desktop solution, which gave our agents the ability to replicate multiple end-user environments.” To meet this requirement, Damovo implemented a high specification HP laptop environment, which utilises VMware Workstation, plus Windows Deployment Server to enable rapid redeployment in the unlikely event that a laptop should fail. The solution supports 11 technical service desk agents; with the ability to scale up or down as required – and has been developed to be easily replicable and scalable, with service continuity guaranteed through “hot swapping” of hardware.

Business benefits Originally set up as a government initiative, learndirect’s aim was to use new technology to transform the delivery of learning and skills across England, Wales and Northern Ireland,

www.vitalmagazine.co.uk | July-August 2014

The objective was to set up an environment which was more suitable for supporting technical issues, and therefore be able to provide a better service for our callers at first point of contact and with each new technological development from Damovo, this aim is reinforced every day. The flexible solution, which has been implemented gives learndirect’s agents the technology they need in order to carry out their day-to-day tasks more efficiently and with a greater scope of support. The main business benefits are improved customer service with more first-time fixes, combined with increased operational efficiency as agents are now able to do more at first line level. This reduces the number of escalations into other support levels and relieves pressure on the Sheffield facility. Alex explained, “Our standard set up uses a thin client solution, which is locked down – and this meant that replication of different end-user environments and technical issues was restricted. But the new solution enables that flexibility, whilst still being embedded within existing support and contracts. “It is also scalable, which means that we can use it for potential future needs in our technical support model, as well as meeting our current external first line technical support needs. Additionally, the support is consistent with the existing model, which makes it very straightforward to manage.” Feedback from agents has also been very positive, not only in relation to the implementation of the project but also with regard to the live environment, with minimal issues experienced. “The Damovo solution has provided the greater flexibility that we set out to achieve and the agents are now able to investigate issues to a greater level,” said Alex. “The implementation was very smooth and this was a significant benefit to us – as our timescales were tight and the technology was just one part of the other activities we needed to carry out in order to set up the technical service desk, such as recruitment, training and communications. “It was therefore of great value to us that Damovo delivered the technology aspects so well. They are considered a key partner for learndirect – and we will continue to engage with Damovo on our future plans as we go through significant changes in our business model and strategy over the coming months.”

Breakthrough Technology

Android Auto added to next generation cars Android Auto takes to the driving seat. Sophie-Marie Odum investigates...

Google’s approach to user-centricity and the application of technology to improve peoples’ everyday lives makes Android Auto a perfect addition to the Volvo experience

features and services familiar to Android D elivering smartphones and tablets directly into its cars, Volvo Car

Group (Volvo Cars) is pleased to announce that it is now integrating Android Auto into the Volvo in-car experience.

Available via Volvo Cars’ touch screen display, Android Auto is said to transform the look and feel of the car’s interior. It will provide access to Google Search, Google Maps, Google Play Music and specially adapted third-party applications, such as Spotify. All phone-based applications can be controlled via voice or steering wheel controls, or the car’s touch screen, ensuring the entire interaction with Android Auto content is both safe and easy. Håkan Samuelsson, President and CEO of Volvo Cars, said, “Google’s approach to user-centricity and the application of technology to improve peoples’ everyday lives makes Android Auto a perfect addition to the Volvo experience. “We have worked hard to ensure an enjoyable user experience with Android Auto. This will offer our customers a new degree of fluidity and accessibility in the usage of their mobile devices, and bring the digital ecosystem our customers already enjoy into the car, complementing Volvo Cars’ existing connected car services and applications.”

In related news, a new report, Connected Cars: Consumer & Commercial Telematics and Infotainment 2014-2018, by Juniper Research on the telematics sector, found that the number of in-vehicle apps in use is expected to reach 269 million by 2018, representing a more than fivefold increase on last year’s figure. “By 2018 most new vehicles will come with integrated apps as standard,” says the report’s author, Anthony Cox, “aftermarket app integration will also be commonplace, as head-unit manufacturers launch increasingly sophisticated devices.” Volvo Cars’ portrait touch screen is said to provide users with the benefit of having both Volvo Cars and Android Auto content on the screen simultaneously, removing the need to switch between car and Android phone screens. Håkan added, “Android smartphone users will feel completely at home in a new Volvo. We have created a wholly-integrated user experience in our large portrait-oriented touch screen that takes the in-car mobile device experience to a new level. That, coupled with the obvious driver safety benefits of an advanced voice control system offered by Google, made Android Auto a perfect match for Volvo.” Android Auto will be available on all new Volvo cars based on the new Scalable Product Architecture (SPA).

www.vitalmagazine.co.uk | July-August 2014

V ITAL INSPIRATION FOR THE MODERN BUSINESS

Print | Digital | Online For exclusive news, features, opinion, comment, directory, digital archive and much more visit

www.vitalmagazine.co.uk

VitAL Online has undergone a redesign, and now features breaking news, events, as well as information on upcoming Focus Groups and Executive Debates Published by T H I R T YO N E

www.31media.co.uk

SUCCESSFUL SOFTWARE DELIVERY

DO YOU WORK WITH THE SAME VISION? Create the software your business really needs Requirements. It’s surprising how often a single link can break the software supply chain. But it’s where most defects occur. Removing them later in the lifecycle is costly, impacts delivery schedules and drains resources. That’s why errors and rework so frequently undermine project success. While complexity has increased exponentially, managing requirements hasn’t evolved at the same pace. Borland tools can improve collaboration. Our technical solution keeps stakeholders in sync throughout the project lifecycle. Better input means better products. So join the thousands of Borland customers who already tackle requirements the right way ... precisely. See more at www.borland.com/connect