VitAL Magazine - May-June 2014 by 31 Media

VOLUME 8 | ISSUE 3 | May - June 2014

V ITAL INSPIRATION FOR THE MODERN BUSINESS

Changing the perception of IT The lack of women in IT is a real threat to the UK economy

INSIDE VitAL News Feature Major software glitch at the heart of the Internet

IT Service Management What does the future hold for ITIL?

WE SET THE STANDARDS WHEN IT’S MISSION CRITICAL We’re launching two new security certificates at InfoSec 2014.

BCS, The Chartered Institute for IT, is the business name of The British Computer Society (Registered charity no no. 292786) 2014

BC760/LD/AD/0413

bcs.org/infosec

Contents

Contents 8 NEWS

22. Architecting visibility into networks

Half of businesses experience hourly, daily and weekly availability and outage issues 10 Research highlights the dawn of the super user

13 VIEWPOINTS Prevention is underrated 14 Bletchley Park – lessons to learn from the past?

20 VitAL REPORT Cost of business cyber security breaches rises

16 VitAL NEWS FEATURE Major software glitch at the heart of the Internet Sophie-Marie Odum finds out what businesses and individuals need to do to protect their valuable data…

VitAL Magazine investigates a survey, which reveals that the scale and cost of cyber security breaches has almost doubled…

22 IT INFRASTRUCTURE Architecting visibility into networks You can’t manage what you can’t see, says Roark Pollock as he explains why network visibility is key for businesses…

IT SERVICE 28 MANAGEMENT The changing face of remote support VitAL Magazine interviews Stuart Facey to discover if service desk teams are set up to cope with the increase in enquires about mobile devices...

16. M ajor software glitch at the heart of the Internet

www.vitalmagazine.co.uk | May-June 2014

What does the future hold for ITIL? Is ITIL still relevant 25 years on and, if so, how does it still provide business value? Kaimar Karu shares his thoughts…

Contents

Contents 34

COVER STORY Changing the perception of IT Two new reports have exposed the huge gender gap in IT, which is set to widen over the coming years, meaning that the UK economy could miss out on an extra £2.6 billion a year. Why does this gap still exist in 2014?...

VitAL SECURITY Zero-Day is the new battleground Corey Nachreiner looks at the characteristics of an Advanced Persistent Threat, and explains why we need a new approach to mitigate the risks…

42 CLOUD COMPUTING

34. Changing the perception of IT

VitAL PROCESSES

The future of cloud

Humans vs. Machines?

Nathan Bell discusses the various possibilities the cloud can offer businesses today and in the future…

Organisations are now forced into a delicate balancing act in juggling the management of technology with the needs/interests of employees. Both are essential for the smooth running of an organisation, but where should priorities lie?...

VitAL MANAGEMENT Learning how to maintain productivity as the business grows

According to Graham Twaddle, greater innovation can help resolve the mismatch between growth and productivity…

IT ASSET MANAGEMENT Tackle the 2014 IT license price rises Martin Prendergast warns organisations to beware of the cloud when it comes to licensing, and always negotiate…

REAKTHROUGH B TECHNOLOGY “Intelligent” pedestrian crossings

42. T he future of cloud

www.vitalmagazine.co.uk | May-June 2014

Sophie-Marie Odum investigates TfL’s plans to launch “intelligent” pedestrian technology, which it hopes will make crossing the road easier and safer…

Leader EDITOR Sophie-Marie Odum sophie.odum@31media.co.uk Tel: +44 (0)203 056 4599 ADVERTISING Advertising Manager Nick Hayward nick.hayward@31media.co.uk Tel: +44(0)203 668 6949 Advertising Executive Sarah Walsh sarah.walsh@31media.co.uk Tel: +44(0)203 668 6945 DESIGN & PRODUCTION Tina Harris tina.harris@31media.co.uk EDITORIAL & ADVERTISING ENQUIRIES 31 Media Ltd 41-42 Daisy Business Park, 19-35 Sylvan Grove, London, SE15 1PD Tel: +44 (0) 870 863 6930 Email: info@31media.co.uk Web: www.vitalmagazine.co.uk PRINTED BY Pensord, Tram Road, Pontllanfraith, Blackwood, NP12 2YA © 2014, 31 Media Limited. All rights reserved. VitAL Magazine is edited, designed, and published by 31 Media Limited. No part of VitAL Magazine may be reproduced, transmitted, stored electronically, distributed, or copied, in whole or part without the prior written consent of the publisher. A reprint service is available. Opinions expressed in this journal do not necessarily reflect those of the editor or VitAL Magazine or its publisher, 31 Media Limited. ISSN 1755-6465 PUBLISHED BY: T H I R T YO N E

Hackers take on e-commerce giant, but why a delay in disclosure? The online marketplace, eBay recently forced users to change their passwords after a cyberattack compromised its systems. The Californian-based firm, which has 128 million active users, said a database had been hacked between late February and early March, and had contained encrypted passwords and other non-financial data. Although eBay said there was no unauthorised activity on its members’ accounts, it said that changing the passwords was “best practice and will help enhance security for eBay users”. However, the damage could well have already been done, due to the time lag between the cyber breach and the discovery of the breach. Questions have been raised about the delay in reporting the breach, which may well have put customers at greater risk With more and more personal and financial data being held online, there is too much at risk to be complacent. According to news reports, California is the first of three states beginning investigations into the eBay breach, with calls for the online company to fund credit monitoring for all those affected. In a sign of things to come, companies who incorrectly handle data breaches risk fines of up to €100m under the proposed EU Data Protection Act For a site that is built on trust, this news could do a lot to damage eBay’s reputation. If they haven’t already, it’s time for all companies to review and assess current cyber security policies and defenses to avoid becoming victims of cyber attacks.

VitAL Magazine, proud to be the UKCMG’s Official publication.

Dr Martyn Thomas, from the Institution of Engineering and Technology (IET), makes an excellent point, he said, “eBay’s business model depends on trust, through their pioneering work on feedback scores. If accounts are taken over by rogue traders, they could impersonate users who have high feedback ratings, undermining and potentially destroying the trust on which eBay’s business has been built.

ITIL ® is a Registered Trademark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the US Patent and Trade Mark Office.

Until next time,

“This should be a further wake-up call for all company directors and Audit Committees to treat cyber security as an existential threat to their organisations.”

PRINCE2 ® is the Registered Trade Mark of the Office of Government Commerce. MSP ® is the Registered Trade Mark of the Office of Government Commerce.

Sophie-Marie Odum Editor

www.vitalmagazine.co.uk | May-June 2014

News

Half of businesses experience hourly, daily and weekly availability and outage issues A recent survey among 250 UK CIOs and IT leaders has revealed that nearly half of respondents are plagued by regular IT performance and availability issues. 48% of respondents experience hourly, daily and weekly availability and outage issues.

Even in this group, only 46% claim excellence in quality of service, regardless of budget. Among larger enterprises, only 20% of respondents believed they were achieving “best effor t” in quality of service, regardless of cost control.

21% of those asked experience business downtime daily or hourly.

When questioned about IT environment complexity opinions are split. 40% of respondents agree that their current environments are more complex compared to five years ago, with hybrid IT cited as the most difficult and complex to manage by 55%.

ControlCircle commissioned the IT Growth and Transformation Survey, with Vanson Bourne, to explore IT budget alignment and how CIOs are managing IT as well as innovation. Overall, smaller organisations (employing between 251 to 500 employees) report a higher level of service excellence across the board.

Looking forward five years, approximately half believe their current IT environment will simplify; yet, 30% still believe complexity will increase. 52% of

Digital skills are key to employment

81% of employers require their workforce to have digital skills, yet only 52% of employers believe that their workforce has the digital skills to meet their future challenges, according to a survey by BCS, The Chartered Institute for IT. Skills Minister, Matthew Hancock, said recently, “The modern world and workforce is becoming increasingly dependent on the Internet, yet there are still 11 million people in the UK without basic digital skills. If we are to compete in the global race then we must have an IT and digitally literate population.” The Institute’s survey of HR professionals and employers showed that email, word processing and spreadsheet skills are considered necessary for the majority of roles in the work place. Jon Buttriss, CEO, BCS Learning & Development Ltd, part the

Institute, added, “Our survey shows how important it is to be able to operate a PC, laptop, tablet or smartphone to be successful in today’s work environment. Today, almost every job relies on some aspect of technology whether it’s sitting at a PC in an office, working at a checkout or delivering parcels. “Employers want people to have the skills to be able to walk into a role and be productive straight away. Our findings showed that employers believe that a main benefit of these skills for the individual is increased efficiency while the organisation benefits from increased productivity.” However, it’s not just word processing, spreadsheets and data manipulation that are in demand. The survey shows that social media skills are also rated as important for the majority of roles (71% of respondents rating them as very or quite important). Jon said, “Today, employment is on the up. Our survey shows that employers expect and demand digital skills so if you want the best chance of getting a job you need to prove to prospective employers that you have the skills they want.”

respondents state that they do not have the ability to support the hybrid IT environment within a single IT governance framework. The prevalence of big data is also predicted to rise in the next five years. It makes the biggest jump in ranking, with an 8% increase from 30% to 38%. The three biggest challenges IT departments are currently facing are security, cloud and compliance (65%, 36% and 34% respectively). In the next five years, mobility of workforce is going to become of increasing importance, with IT leaders predicting that security (56%), cloud (46%) and mobility (41%) are to become the biggest challenges IT departments face.

Professor calls for return to a ‘simple’ and ‘dumb’ Internet Internet networks are being unnecessarily complicated by router vendors looking to protect their own interests, claims Nick McKeown, Professor of Electrical Engineering and Computer Science at Stanford University at the Institution of Engineering and Technology’s (IET) Appleton lecture. He called for the return of a “simple” and “dumb” Internet that was easy to manage, and argued that software defined networking (SDN) would make this possible. “Although the original infrastructure of the Internet was simple and streamlined, router vendors – or ‘Masters of Complexity’ – have made networking incredibly complicated,” said Professor McKeown. “Their aim is to prevent competitors from entering the market, resulting in a less reliable and less secure Internet whose growth has been restricted.” Drawing comparison with the computing industry’s evolution from one that was closed and verticallyintegrated to one that is open and horizontal, Professor McKeown illustrated that networking is set to follow a similar path, but he anticipates resistance from the major vendors. Professor McKeown believes that the transition to SDN is inevitable, as the technology enables organisations to take control of their networks, improving and tailoring them to meet their specifications. They can also adapt and upgrade networks quickly and easily without affecting reliability. Companies such as Google, Amazon, Facebook and Twitter are deploying SDN, while major telecom companies such as AT&T and China Telecom are following suit.

www.vitalmagazine.co.uk | May-June 2014

News

Growth of demand for permanent IT staff eases from March’s year peak The Report on Jobs, published by KPMG and the REC, showed that growth of demand for permanent IT workers softened slightly from March’s recent peak. Meanwhile, demand for temporary IT staff was slightly stronger than that seen previously. The index measuring permanent IT staff demand registered 68.5, down marginally from 68.8 in March, placing the sector sixth out of nine in the demand for staff “league table”. By comparison, the index for all types of permanent staff in the UK registered 67.3. For temporary IT workers, the index rose from 63.7 in the prior month to 64.0 in April. This was slightly below the UK average of 65.0. The IT category was in fifth place in the demand for temp staff “league table” during the latest survey period. The index tracking demand for permanent employees in the IT and computing sector has signalled stronger growth than

Britain falls back in love with IT In the last year, the IT sector has recovered some of its lustre, according to Randstad Technologies. The annual survey of over 9,215 Brits, recorded an upswing in the attractiveness of the IT sector as an employer over the last 12 months. In a similar poll of 7,001 people carried out in 2013, of respondents who know one or more companies operating in the sector, just 26% of those interviewed said IT was an attractive industry to work in. By 2014, that had risen to 28%. Mike Beresford, MD of Randstad Technologies, said, “The reputation of IT as a career was extremely high in 2011. The constant rise of social networking and the idea of making billions from a new Internet venture had never seemed so real. “The shine came off with the massive hack of the PlayStation Network, which forced Sony to take it – and eventually Sony Online Entertainment – offline, affecting approximately 70 million gamers. That was a PR nightmare for Sony and lost the industry a lot of trust. The industry took a further knock with other high profile failures such as the weeklong Blackberry network outage. “Over the last 12 months we have new entrants taking market share from the industry giants and that’s been led by WhatsApp - doing to SMS on mobile phones what Skype did to international calling on landlines, it’s also made its staff a lot of money. When Facebook acquired WhatsApp for close to $20 billion, staff pocketed a cool $345 million each. “Regular headlines about teenagers earning millions from Apps written in their bedrooms certainly get my children’s interest - at that point careers in IT begin to look increasingly attractive.”

www.vitalmagazine.co.uk | May-June 2014

that for temp staff for four-and-a-half years. Heath Jackson, partner in the CIO Advisory practice at KPMG, said, “With starting salaries rising at their fastest rate for almost seven years and temporary placements in the IT sector stronger than that seen in the previous month, people would be forgiven for thinking that the time is right to change jobs. “After all, for many months the focus has been around how long employees would wait before deciding it’s time to try something new. Yet the truth is far different. The number of people putting themselves on the jobs market has dropped at its sharpest rate since 2004. It is this shortage of skilled labour that is forcing employers to tempt talent with improved pay, rather than new-found confidence.”

University brings Information Security courses to London The University of South Wales is to open a Centre in the heart of London’s Docklands financial district where it will deliver a range of professional level courses in information and cyber security. The new Centre will be the University’s first physical presence in London, and will provide those in the Capital city with access to the University’s recognised specialists in the area of information security. Professor Andrew Blyth, who undertakes confidential work for many Government Agencies, heads information security at the University, said, “Many of the courses we will be delivering at the Centre will be short CPD courses which are currently not available elsewhere in the City. For example, we have one-day courses in ‘Information Assurance Governance’ and ‘Malicious Software Analysis’, which appeal to people working in many sectors who need awareness of information security issues.” One of the range of CPD courses to be offered at the London Centre will be the Tiger Scheme qualification, a commercial certification for technical security specialists. Endorsed by the National Technical Authority for Information Assurance (CESG) and backed by a University-based assessment, the three-day course, which includes both training and assessment elements, is essential for those seeking a clear path for career progression within the industry. MSc courses in Computer Systems Security and Cyber Security will also be run from the new Centre. Professor Julie Lydon ViceChancellor of the University said, “As Wales’s largest university, we are proud to be introducing our new London Centre. Some of our leading academics will be teaching at the Centre, and our students will be able to access a range of learning resources including a fully equipped library, and an extensive range of online support materials.”

News

An analytics culture is key According to new research, managers report that an analytics culture is the driving factor in achieving competitive advantage from data and analytics. The new report, The Analytics Mandate, released by MIT Sloan Management Review and SAS, interviewed more than 2,000 business executives. It also found that companies must continuously innovate with analytics to maintain the edge it affords. David Kiron, executive editor for MIT Sloan Management Review, said, “We found that in companies with a strong analytics culture, decision-making norms include the use of analytics, even if the results challenge views held by senior management. This differentiates those companies from others, where often management experience overrides insights from data.” This study, now in its fourth year, suggests that analytics is no longer a new path to value; it’s a common one. Access to useful information continues to increase, and the vast majority of respondents are investing in their analytical capabilities to leverage their data. “As the use of analytics becomes mainstream, organisations

have to do more to stay ahead of the curve,” said Pamela Prentice, chief research officer for SAS. “Our survey participants recognise this. Nine in 10 believe their organisations need to step up their use of analytics. This is true even among those who report having a competitive advantage.” The study recommends that companies seeking a competitive edge with analytics ask (and answer) these five key questions about their organisation’s culture: • I s my organisation open to new ideas that challenge current practice? • Does my organisation view data as a core asset? • Is senior management driving the organisation to become more data driven and analytical? • Is my organisation using analytical insights to guide strategy? • Are we willing to let analytics help change the way we do business?

Research highlights the dawn of the super user it could have.” The research, carried out in conjunction with the Service Desk Institute (SDI) highlights that Shadow IT remains a continuing issue within 40% of organisations. With 41% of organisations also lacking a formal BYOD policy, Shadow IT may simply result from ambiguity in many cases.

Almost three quarters (73%) of organisations now have self-sufficient IT-savvy employees, super users, who assist other users in the workplace, according to research from LANDESK. However, only half (54%) of organisations are providing their super users with the resources they need to take pressure off the service desk. These super users often solve common problems, helping other employees avoid logging issues formally, thereby allowing the service desk team to focus on more pressing problems such as Shadow IT.

Nigel Seddon, area director, LANDESK, said, “When given the right control, super users can often provision their own software, hardware or other services, administer software updates and can solve simple problems without needing support. “With the right privileges and equipment, a modern day super user can quickly help to reduce pressure on the service desk and, more importantly, help peers with IT. Although organisations are recognising that these users exist, many service desks are still only just on the road to empowering them, despite the benefits

However, being unable to make the most of corporate IT – because of a lack of assistance from super users, for example – may also cause users to bring their own device into work in order to carry out their job with more familiar and easy-to-use IT. Although many organisations are still concerned about BYOD, 29% of service desk teams plan to support it in the future, showing that there is an understanding of the need for change. With the number of devices increasing, and Cisco estimating that by 2020 the average user will have 6.58 devices, service desk teams are already becoming more innovative in the way they enable users and approach challenges.

www.vitalmagazine.co.uk | May-June 2014

Shared Service Management The natural way for all your departments to work together

Let your services ﬂourish with Shared Service Management.

Our software is standardized, modular and scalable. Moreover, it is available

TOPdesk’s service management software features modules that are

both as on-premise and SaaS. This makes it the ideal tool for quickly and

designed speciﬁcally for supporting departments such as IT, FM and

successfully building a shared service centre – no matter your world.

HR. Creating a cohesive work environment has never been easier. Want to learn more? Call us at (0)20 7803 4200 or visit topdesk.co.uk.

Service Management Simplified

News

Big data, analytics: Ticket to strategic relevance for CIOs

Big data is a big opportunity for CIOs. An IDC white paper, The CIO’s Chance of a Lifetime: Using Big Data and Analytics as the Ticket to Strategic Relevance, reveals that today’s data-intensive world provides CIOs the opportunity to support business objectives in a strategic, outcomeoriented way. Sponsored by SAS, the study surveyed 578 IT, line of business and analytics managers and executives. Although big data and analytics are fundamentally transforming business, many respondents struggle to calculate – or even articulate – their value. While 95% saw benefits from analytics, only 31% could actually measure that value. A disconnect exists between IT and lines of business (LOBs). IT is frequently seen as a roadblock rather than an enabler to analytics, leading LOBs to develop workarounds and “shadow IT” approaches. Specifically: • LOBs see faster time to ROI from analytics than IT. • LOBs are actively working with chief analytics officers, while IT is less connected. • IT is less involved in setting analytics strategy than it believes. • LOBs are less satisfied with their collaboration with IT than the reverse. In addition, 38% of organisations said the majority of their analytics staff reside in a centralised analytics group outside IT – that figure would have been close to zero five years ago – with 21% saying that group primarily determines analytics strategy. The survey also found that the culture of an organisation creates significant stumbling blocks. Organisations must overcome resistance by top management, organisational silos and the IT-business disconnect to maximise the benefits of analytics. Alys Woodward, research director at IDC, said, “Analytics gives the CIO the power to make IT a true enabler to business: by providing the framework to access and analyse data that will truly underpin a range of business decisions, from operational decisions to strategic decisions, the CIO has the power to provide unprecedented value to the business. A CIO that truly drives success in analytics - and is recognised as doing this by the business - will never be seen as just a cost center. “IDC research consistently demonstrates a correlation between good use of analytics and strong organisational performance. While the path from information to insight is often strewn with wrong turnings or hopefully small failures, improving decision-making can only benefit the organisation. Analytics is challenging, but worth the effort.”

The devastating effect on business when core systems fail

A new study, released by Globalscape, reveals alarming details about the devastating effect on business when core systems fail. The survey of 283 IT professionals and business end-users found that nearly 90% of organisations unexpectedly lose access to critical systems, including mail servers, back-end processors, and file servers, and almost a third deal with downtime issues at least once a month. “Downtime, while understood to be tremendously costly and frustrating, has become commonplace and even expected in the enterprise,” said James Bindseil, president and CEO of Globalscape. “Oftentimes, downtime can be avoided, and companies should expect more from their vendors.” Beyond the obvious loss of employee productivity, IT executives shared the costly and widespread ramifications of downtime on their businesses. Of those who responded: • 76% said downtime frustrates their end-users. • 43% lost crucial data or important communications. • 52% said their workforce has been unable to send or receive critical, timely files. While lost files or delayed emails may not have an “assigned” value, per se, every minute that a core system is down costs companies money. The survey found that 60% of enterprise employees who estimated the financial cost of downtime on their organisation said that a single hour without critical systems costs their company between $250,000 and $500,000 – and one in six reported that one hour of downtime can cost $1,000,000 or more. Despite what end-users might think, IT isn’t always at fault when core systems go down. More often, servers become overloaded, shutdown, and require manual intervention before the system is restored. To avoid the issue, many enterprise IT professionals use activeactive or active-passive clustering, but active-passive environments can still leave companies at risk. In fact, survey respondents who have active-passive clustering environments reported losing 34% more data and critical emails than those respondents who have active-active clustering environments.

www.vitalmagazine.co.uk | May-June 2014

Viewpoints

Prevention is underrated By Andrew Vermes

nice lunch in Dublin this week reminds me that everyone has the same concerns, more or less.

An old friend working in the pharmaceutical industry has just changed the job to operational excellence director. Opex, as it’s sometimes shortened, is very like problem management: tasked with cleaning up messes, and making sure they never happen again. The same challenges and difficulties face them as they work: How to get away from constant fire-fighting and get on with proactively preventing incidents from starting; and how to demonstrate their value to the business, particularly to that group of senior stakeholders whose attitude to problem management is “Never mind all that, just get it restarted.” Now we all know that a stitch in time saves nine, but the question for many new problem managers is how to get started when faced with a backlog of aged problem tickets; most of which lack the data needed for root cause and little hope of getting any data until the incident recurs. One answer is to start with work that is worth doing, which nobody else seems to be paying attention to. This isn’t about KPIs and metrics; it’s about making a difference, wherever you’re able.

Pro-active thinking This is the kind of attitude we need to encourage: A transaction processing house-card payments from merchants come through to be authorised, then forwarded to the issuing bank so that the shop is credited and you and I are debited. On the night shift, there was a momentary spike in declined transactions. Declines happen for many reasons, but any sudden increases in this (and several other metrics) will prompt the creation of an Incident. Having said that, a small spike on the night shift is easy to miss. This one was picked up. It looked like nothing, but the duty problem manager decided to look into it, finding that the declines were all linked to a single cash machine. He felt it was very likely that several stolen cards were being tried in the same machine. The PM quickly called the police, who were able to identify the gang from the CCTV feeds and made several arrests. This is just one of many examples of the kind of curiosity we need to foster to create the kind of problem management that delivers tangible results. Why doesn’t this happen? Why is prevention such a hard act to start and sustain? There are two answers to this: one practical and one philosophical.

Practical answer A practical point is that effective prevention, ie. real problem management, is completely disabled by the usual KPIs. Here are some common KPIs in use: • The percentage of root causes found.

www.vitalmagazine.co.uk | May-June 2014

The difficulty with prevention is that you rarely find out whether your prevention was necessary; it might all have been ok anyway • The number/frequency of updates. • Time to root cause. • The number of incidents per root cause. The problem here is that it takes people’s eyes off the ball… Have we noticed that there’s a problem at all? Have we managed our resources well, in fixing those causes, which result in the greatest business impact? How certain are we that we have found and corrected the causal factor(s)? And, are we doing this before incidents happen at all?

Philosophical answer Looking at it more philosophically, the difficulty with prevention is that you rarely find out whether your prevention was necessary; it might all have been ok anyway. The response to Q2K was typical: “Why did we waste all that money on risk assessments and disaster recovery? Nothing happened.” The tough question is “How much does it matter if it all goes wrong?” The prevention is worth the effort if the value at risk is great enough.

Make yourself useful Back to a suggested starting point: If your PM team is struggling to make an impact, start looking for cases where you can do something useful: • Higher priority incidents: Often the pressure to restore is high, so people don’t get round to looking for diagnostic information before reboot. Start your PM activity right at the outset of the incident. • Core systems and assets: Wherever there’s a bottleneck for data, it’s worth paying attention. Identify what kinds of early warning signals you need to pay attention to, and make it your business to be first on the scene whenever anything unusual starts happening. • Projects and changes: The majority of changes have relatively poor risk assessments. You can go one better, and be ready with a robust mitigation plan when it all goes wrong.

Viewpoints

Bletchley Park – lessons to learn from the past? By Jonathan Westlake IT news items caught my attention during the first T wo quarter of 2014. Firstly, the much publicised high profile project failures, ranging from the BBC digital archive, MOD online recruitment system to the continuing problems with the electronic overhaul of the NHS. How come, in this day and age, with all the technology we have at our disposal, these failures can still occur? Secondly, news of the highly secret work that occurred at Bletchley Park (Station X) during WWII. Bletchley Park has recently attracted much needed lottery funding and, slowly, the site is being given much needed restorative attention as the story has unfolded. During April, I visited Bletchley Park and The National Museum Of Computing (TNMOC), in Buckinghamshire, with my local branch of the British Computer Society (BCS). As you would expect, an inspiring day ensued, particularly standing on the step of Alan Turing’s hut (yet to be restored). TNMOC not only has a working replica of WWII Colossus and Tunny machines, but rooms full of computer technology from the 60’s right through to modern day technology; a treat for all ages interested in computing. The volunteers at TNMOC continue to do an admirable job in preserving and articulating computing from over the last 60 plus years. I would recommend a visit to both.

Past vs. Present On the bus journey home, I started to reflect on what I had really seen and what, if at all, was the legacy of the efforts made by the staff of Bletchley Park and TNMOC. Was it only history I had experienced, or were there lessons for modern day IT project management? Did anything rub off from my visit that might change me as an IT professional, i.e. could I change my conduct/approach in some way for my next IT project? Of course the context of the work was life or death in a war setting, but given that, were the circumstances any different to what we face in business today? The same parameters exist today, including timescales and deadlines, a project team of disparate skills and abilities; funding; support from the hierarchy and the need to manage the project. Somehow, the Bletchley team succeeded against all the odds and I would argue that the following attributes are evident from that time: • Teamwork with a partitioned structure. • Understanding data. • Data handling, particularly incomplete data and quality control.

TNMOC not only has a working replica of WWII Colossus and Tunny machines, but rooms full of computer technology from the 60’s right through to modern day technology; a treat for all ages interested in computing • Technical ingenuity. • Limited budget/scarce resources. Necessity drove efficiency and innovation. If only we could instill some of these attributes in modern day large scale or government IT projects, and avoid some of the recent project disasters? Having studied the fall-out from the BBC, MOD and NHS projects, the problems that have occurred include lack of understanding of the complexity of the problem; user requirements; and technical difficulties and business process transformation issues. The money spent on all three projects has been startling, but has not bought the surety of project completion. Perhaps there are lessons for the modern day IT project. This is what I found most interesting about my visit and they boil down to the obvious: People management and team formation. Did my visit change me? Yes, I think so. My advice to you is to go and visit the museums and make up your own mind.

www.vitalmagazine.co.uk | May-June 2014

V ITAL executive debates Offering you the key to successful solutions

• One-day event • Monthly • Lunch & refreshments provided • Central London venue • Network with like-minded individuals • Cutting edge content

For more information, contact Swati Bali on +44 (0) 203 668 6946 or email: swati. bali@31media. co.uk

Organised by 31 Media, Publishers of VitAL Magazine www.31media.co.uk

T H I R T YO N E

VitAL News Feature

Major software glitch at the heart of the Internet Sophie-Marie Odum speaks to Trustwave’s security research manager, John Miller about how criminals can use the Heartbleed bug to launch an attack, and what businesses and individuals need to do to protect their valuable data…

Heartbleed is a significant security event, one of the most severe in quite some time. SSL/TLS is a building block of secure Internet communication and the OpenSSL library is the most widely used implementation. The effects of Heartbleed will be felt for many months to come been over a month since news emerged that a I t’smajor security flaw at the heart of the Internet, termed Heartbleed, may have been exposing users’ personal information and passwords to hackers for the past two years. However, because the bug leaves no trace and there is no way to know what information was obtained, we may never know its full impact. Heartbleed is a bug in the OpenSSL library that allows an attacker to extract small amounts of random memory from an affected process. The disclosed memory may contain sensitive

user information such as passwords, payment card details, or session identifiers that would allow an attacker to impersonate a logged-in user. The bug may also leak the private keys of an affected server’s SSL certificate, allowing the attacker to decrypt traffic to and from the server or impersonate the server in a Man-in-the-Middle attack. OpenSSL is the technology behind the TLS/SSL protocol that many take as a sign of trustworthiness and reputability when browsing the Internet. It is used by many websites to encrypt data, which is why the Heartbleed bug is arguably one of the most significant developments in the history of website security. It has potentially affected millions of websites. However, www.vitalmagazine.co.uk | May-June 2014

VitAL News Feature

because OpenSSL is not just used for web sites, the bug could affect other services such as email servers or network appliances like firewalls and routers. “Heartbleed is a significant security event, one of the most severe in quite some time,” said John Miller, Trustwave’s security research manager. “SSL/TLS is a building block of secure Internet communication and the OpenSSL library is the most widely used implementation. The effects of Heartbleed will be felt for many months to come.”

The one silver lining to this vulnerability is that it gives users the opportunity to rethink their best security practices. It’s time to get rid of the weak “Password1” and create a complex password

After the flaw came to light, Internet users were urged to change all online passwords, creating widespread panic; and corporations worked to identify points of vulnerability, creating software patches, and updating passwords and encryption keys. So, moving forward, how can businesses and individuals ensure they remain secure?… Sophie: What do businesses and individuals need to do to protect their credentials, payment card information and other valuable data? John: Business need to identify any use of affected versions of OpenSSL in their environment, apply patches to remediate the bug, and revoke and reissue their certificates. They also need to be aware of third-par ty services that hold sensitive information and may have been affected by Hear tbleed. Businesses need to work with their outside par tners to identify any data risk associated with Heartbleed and ensure remediation has occurred. Patching any vulnerable OpenSSL instances is the first step in closing the Hear tbleed hole. Once patched, new cer tificates should be issued and the potentially compromised cer tificates revoked. Only once these steps have been taken should business or individuals change their passwords. Doing so before remediation is complete actually increases the potential for compromise. The one silver lining to this vulnerability is that it gives users the opportunity to rethink their best security practices. It’s time to get rid of the weak “Password1” and create a complex password. Strong passwords consist of at least 10 characters and a mix of numbers, letters and symbols. Businesses and users should also deploy two-factor authentication. Two-factor authentication provides an additional layer of security in case users’ credentials are compromised. For individual consumers, more websites are offering two-factor authentication, which is typically under the “settings” feature. Extending beyond Heartbleed, businesses should have a defense-in-depth strategy, using multiple approaches to security to help slow attacks; detect when they are in progress or have occurred; and provide the tools to respond. Firewalls, secure web gateways, and secure email gateways can help limit the exposure an organisation has to an attack. Anti-malware technologies such as gateways detect and filter out malware in real-time so they are an essential component in protecting against sophisticated malware attacks. Also, many businesses are finding that they do not have enough

www.vitalmagazine.co.uk | May-June 2014

manpower or the skillsets needed to manage their security. If that’s the case, they should consider augmenting their in-house IT team by partnering with an outside team of security experts whose sole responsibility is to install, fine tune, monitor and manage their security technologies and services. This kind of managed security model enables the in-house IT team to focus on other revenue-generating projects while the third party security experts focus on security.

Sophie: Are businesses susceptible to future attacks? John: There are two primary vectors that future attacks could leverage from data leaked via Hear tbleed. Any stolen credentials or session identifiers could be used to perform actions as the affected user. This could lead to additional data disclosure or other repercussions depending on the services affected. Changing passwords after the bug has been remediated is the best course of action for end-users. The second attack is for an adversary to use compromised certificates to perform Man-inthe-Middle attacks, whereby they can impersonate the affected organisation and capture traffic nearly imperceptibly. Revocation of the certificates addresses this vector, but does rely on the client software to validate a certificate’s legitimacy. Sophie: Heartbleed has raised debate about the testing of open source software – is professional open source code testing necessary? What are your views? John: All software development processes are vulnerable to human error, whether open or closed source. Software bugs, while unfortunate and sometimes very damaging, are a fact of life. Open source products, especially those used widely and focused on security, need as much review as possible by skilled and experienced individuals. This testing is often limited by funds available to non-commercial projects like OpenSSL. While the use of free libraries is often a cost effective way to implement features in a product, organisations utilising open source code need to contribute back to the projects; either in time reviewing and adding to the project, or through direct financial support. Sophie: Tools currently available, which claim to patch vulnerability, have been said to not fix the problem but instead make it worse – Do you have any advice for businesses? John: Organisations need to work with their vendors to identify which products they use may include vulnerable versions of OpenSSL and how to remediate. Because of the widespread use of OpenSSL across a variety of devices and software, it is difficult to give specific recommendations. In all cases where a vulnerable version of OpenSSL was in use, the basic steps are the same – remediate the vulnerability, revoke/reissue certificates, and change passwords.

VitAL News Feature

Whilst it may be tempting for businesses to try and remain on Windows XP, it will very quickly become a ‘legacy operating system’ and will be prone to issues which Microsoft will no longer fix

Have you migrated? On April 8th 2014, Microsoft ended its support of Windows XP. However, worryingly many businesses still have not yet switched operating systems. Sophie-Marie Odum investigates…

estimated one quarter to one third of the world’s A ndesktops run XP, but since April 8 2014, Microsoft

Microsoft issues going forward, and attempt to create exploits that also work on XP.

no longer issues security updates for vulnerabilities in XP.

Some companies have not yet migrated due to the assumed, associated high costs, and others think it will be just like the Millennium Bug, when they spent millions on fixing an issue that didn’t turn out to be nearly as bad as forecast. So they aren’t going to bother migrating at all... Maybe it will, but does anyone really want to risk that?

This largely affects businesses that are using Point-of-Sale (POS) devices to complete payment card transactions. While most businesses are probably aware that they are running XP on their desktops, many may also run XP on their POS systems and do not even realise it. Criminals are already a step ahead, most likely hoarding a number of exploits and zero-day attacks that they’ll launch now patches have stopped coming in. But even more likely is that, due to shared coded bases between XP and newer versions of Windows, attackers will reverse engineer patches that

However, Richard Acreman, CEO of technology services company, WM360, thinks it’s important for businesses to take this seriously. He said, “With Windows ending its support for XP, having the latest operating system is more important than ever for businesses, since Windows 7/8 can ensure a much more secure base for the company.

www.vitalmagazine.co.uk | May-June 2014

VitAL News Feature

When looking to migrate onto the new Windows 7 or 8, businesses need to ensure they have appropriate security measures in place “Whilst it may be tempting for businesses to try and remain on Windows XP, it will very quickly become a ‘legacy operating system’ and will be prone to issues which Microsoft will no longer fix.” Migrating from Windows XP is also a question of IT asset management. 8th April 2014 was a fixed date for support to end, so it was hoped that IT departments would have looked at this ahead of the deadline and migrated slowly and effectively rather than as a knee-jerk reaction.

Survey results The Global Security Survey, sponsored by Dell, interviewed 1,440 IT decision makers across 10 countries. The purpose of the survey was for Dell to get an insight into how organisations are preventing security breaches; how companies are protecting themselves from potential vulnerabilities associated with the adoption of cloud, BYOD and the Internet of Things; get an insight into organisations’ level of understanding of both known and previously undetected threats; and establish how much of a priority IT security is for companies. According to the survey, 87% of respondents’ organisations have experienced a security breach, and the most common cause for breaches were “malware, virus and intrusions” (47%); outsider attacks (46%); and user error (33%). Furthermore, 11% were able to identify a security breach immediately and only 23% of companies would “immediately” respond to a breach. The survey also found that 17% of IT spend is allocated to security; with the UK spending the least on security as a proportion of overall spend (12%). The USA spends the most (21%). However, in the next two to three years, 68% of UK businesses plan to increase their spend on IT security, and 79% will be prioritising security next year. Interestingly, it is the very large enterprises, with 10,000 plus employees, (48%) that have the least confidence in their security systems being equipped to deal with future challenges. Companies with 3,001 to 5,000 employees were the most confident. And 60% of organisations have long-term security strategies in place and are equipped to tackle future challenges. In regards to a fully-trained and well-equipped team, 67% of respondents say they have increased funds spent on education and training of employees in the last 12 months. Hopefully this will go a long way in ensuring that the

www.vitalmagazine.co.uk | May-June 2014

workforce has the security skills capability to meet the evolving needs of businesses.

Addressing BYOD Acreman added, “When looking to migrate onto the new Windows 7 or 8, businesses need to ensure they have appropriate security measures in place. For example, with the rise of BYOD, it’s essential that businesses deploy locationbased services to track all employee devices, check devices are up-to-date and ensure there are no threats or malware on them.” Cloud is not a top security concern for UK businesses today – “losing critical business data” (UK 54%); “employees inadvertently taking data outside corporate networks” (UK 35%); and “data loss on mobile devices” (UK 32%) are of greater concern. In regards to data loss on mobile, 71% of UK businesses ranked “increased use of mobile” as the top threat to their IT security in the next five years. This helps to explain why the UK stands out as the most reluctant to enable workers to access company networks using personal devices. 61% of UK organisations are currently implementing “secure mobile and/or remote access” security measures. “In addition, all documents and applications must be backed-up in a safe and secure way to ensure that no data leakage or loss occurs when moving operating systems,” continued Acreman. “Such practices are crucial to the central management of any business, but even more so when undertaking the huge task of migrating onto a new operating system.”

Extension to malware protection Despite the fact that Windows XP Support for Anti-Malware protection has been extended by Microsoft until July 2015, all other deadlines remain unchanged. Companies still operating XP will not receive any security updates or non-security hotfixes and can no longer obtain support from Microsoft for XP, either free or paid. So if you have migrated the journey continues, and if you are yet to start then don’t delay as you could be exposing your organisation to numerous vulnerabilities, which will leave your business seriously at risk.

VitAL Report

Cost of business cyber security breaches rises VitAL Magazine investigates a survey, which reveals that the scale and cost of cyber security breaches has almost doubled…

number of information security breaches affecting UK T hebusinesses has decreased over the last year, but the scale

and cost of individual breaches has almost doubled.

The Information Security Breaches Survey 2014, commissioned by the Department for Business, Innovation and Skills (BIS) and carried out by PwC, found that 81% of large organisations suffered a security breach, down from 86% a year ago. 60% of small businesses reported a breach, down from 64% in 2013. Although organisations are experiencing fewer breaches overall, the severity and impact of attacks has increased, with the average cost of an organisations’ worst breach rising significantly for the third consecutive year. For small organisations, the worst breaches cost between £65,000 and £115,000 on average, and for large organisations between £600,000 and £1.15 million. The majority of businesses have increased IT security investment over the last year.

“Breaches are becoming more sophisticated” Universities and Science Minister, David Willetts, said, “These results show that British companies are still under cyber attack. Increasingly those that can manage cyber security risks have a clear competitive advantage. “Through the National Cyber Security Programme, the Government is working with partners in business, academia and the education and skills sectors to equip the UK with the professional and technical skills we need for long-term economic growth.” Andrew Miller, cyber security director at PwC, added, “Whilst the number of breaches affecting UK business has fallen slightly over the past year, the number remains high and, in many companies, more needs to be done to drive true management of security risks. “Breaches are becoming more sophisticated and their impact more damaging. Given the dynamic nature of the risk, boards need to be reviewing threats and vulnerabilities on a regular basis. As the average cost of an organisation’s worst breach has increased this year, businesses must make sure that the way they are spending their money in the control of cyber threats is effective. “Organisations also need to develop the skills and capability to understand how the risk could impact their organisation and what strategic response is required.” 70% of companies that have a poor understanding of security policy experienced staff related breaches, compared to only 41% in companies where security is well understood.This suggests that communicating the security risks to staff and investing in ongoing awareness training results in fewer breaches.

The National Cyber Security Strategy The survey also found that there has been an increase in the number of businesses that are confident they have the

skills required within their organisations to detect, prevent and manage information security breaches – up to 59% from 53% last year. Ensuring that we have the cyber skills capability to meet the evolving needs of businesses is a key objective of the UK’s National Cyber Security Strategy. Earlier this year, the Government unveiled a raft of new proposals to meet the increasing demand for cyber security skills. The proposal included a new higher-level apprenticeship; special learning materials for 11-to 14-year-olds; and plans to train teachers to teach cyber security. Earlier this year, the Government launched a new scheme to help businesses stay safe online. Cyber Essentials provides clarity to organisations on what good cyber security practice is, and sets out the steps they need to follow to manage cyber risks. From this summer, organisations that have complied with the best practice recommendations can apply to be awarded with the Cyber Essentials Standard. This will demonstrate to potential customers that businesses have achieved a certain level of cyber security and take it seriously.

www.vitalmagazine.co.uk | May-June 2014

VitAL Report

Wearable technology boosts productivity Wearable technologies can boost employee productivity by up to 8.5%, according to a new study. VitAL Magazine reports…

University of London, have launched G oldsmiths, findings from a study analysing the impact of wearable

technologies in the workplace. The Human Cloud At Work (HCAW) research, which looked at employee wellbeing, productivity and job satisfaction, found that wearable technologies could boost employee productivity by 8.5%.

The HCAW report is part of a two-year collaboration between Rackspace, the open cloud company, and the Institute of Management Studies (IMS) at Goldsmiths, which investigates cloud-enabled wearable devices and their impact on UK businesses and consumers. In addition, HCAW revealed that wearing wearable technologies increases job satisfaction by 3.5%. Dr Chris Brauer, lead researcher, said, “These results show the potential power and application of wearable devices in the workplace from employee biometric CVs to organisational realtime executive dashboards for resource allocation. “Wearable technologies are arguably the biggest trend since tablet computing, so it’s natural that employees and businesses will look to use these devices in the workplace. Using data generated from the devices, organisations can learn how human behaviours impact productivity, performance, wellbeing and job satisfaction. “Employees can demand work environments and hours be optimised to maximise their productivity, and health and wellbeing.”

Delivering measureable benefit Overall, the results of the study show that cloud technology is powering the wearable technology revolution – providing rich insights from big data and giving firms, employees and consumers information they can use to make positive changes to performance. The focus on having the necessary IT in place to extract meaningful insights from the data is a key finding from the HCAW study. The research found that one employee created upwards of 30GB of data per-week from the three wearable devices. Scaled across an organisation, this is clearly a huge amount of information that needs to be captured, stored and analysed. Nigel Beighton, UK CTO of Rackspace, added, “Many wearable technologies are focused on improving some aspect of an individual’s life – whether it is for health and fitness, focus and concentration, productivity or job satisfaction. “The big step change for both individuals and businesses is being able to analyse the raw data, and understand the wider

www.vitalmagazine.co.uk | May-June 2014

By focusing on the data, as well as the devices, wearable technologies can provide meaningful insights that can be used to improve performance and satisfaction. Essentially wearable tech and big data go hand-in-hand context surrounding the data, such as the weather, location, posture, even temperature and mood of the individual. “By focusing on the data, as well as the devices, wearable technologies can provide meaningful insights that can be used to improve performance and satisfaction. Essentially wearable tech and big data go hand-in-hand.”

IT infrastructure According to another study by Vanson Bourne of 300 IT decision makers in the UK, 29% of UK businesses have some form of wearable technologies projects in practice. The main reasons for such projects are employee wellbeing (16%); instant access to important information (15%); and improved customer service (14%). The greatest perceived barrier to entry for wearable technology at work was having an IT infrastructure that could take advantage of the data being collected and analysed (20%).

IT Infrastructure

Architecting visibility into networks You can’t manage what you can’t see, says Roark Pollock,VP Network Visibility. He explains why network visibility is key for businesses… is a rapidly evolving and changing Networking landscape.We’ve quickly moved from moving bits and bytes from workstation to workstation to providing powerful applications and services to millions of consumers. Network speed and bandwidth requirements have grown exponentially, and new traffic types appear daily. A functioning network is a crucial and necessary part of running any successful business in any market. IT organisations are tasked with providing their customers with connectivity for communication and for their business critical applications. Customer expectations are now higher and more service-focused – infrastructure and simply creating a functioning network are mere “table stakes” in the network management game. In order to meet these new demands for impeccable service, IT organisations must deal with a myriad of dynamic forces that challenge their ability to meet expectations: • Growth Growth encompasses all aspects of networking; from new users, new applications and services, new use cases, faster processing, migrating networks from 1GE to 10GE to 40GE

and even 100GE. In each case, change must be executed without a dip in “normal” service levels. The network must always be in a “stable and reliable” state. • Mobilisation People no longer expect to access the network from only one location. They expect to interact with data wherever they are. • Technology changes With every new demand, new technology is created to meet the demand. Such advancements as virtualisation, cloud services and software defined networking (SDNs) must be seamlessly integrated without service disruptions. • Security Bring your own device (BYOD), social networking, a mobile workforce and new services open up weaknesses in security defenses. With our ever-increasing use of networking, intrusions and exploits promise to compromise security measures. Network operators must continually monitor all these areas for signs of trouble. Excuses – no matter how valid – won’t help after the fact. In order for IT to plan appropriately, and troubleshoot, isolate and diagnose potential problems with the network or

Network visibility implementations should address the people, processes, and technology issues facing IT organisations today. Successful visibility must be manageable, scalable, automatable, and flexible – all while remaining simple and cost effective 22

www.vitalmagazine.co.uk | May-June 2014

IT Infrastructure network functions, they need visibility into the packets, sessions and applications traversing the network. In general, IT organisations have embraced virtualisation as it has many cost and scale benefits. Traffic between virtual machines (east-to-west traffic) has soared to more than 50% of all traffic on the network. This traffic increase creates a new kind of blind spot with new security and compliance challenges – how do you monitor data that does not physically exit the server? IT not only needs access to traffic on the physical network, but they urgently need access to traffic between virtual machines on the same server. Additionally, security is a primary initiative for IT organisations. There is a growing need to protect against ever-evolving and more sophisticated threats. Making matters worse, the one area of growth IT organisations don’t have is budget to purchase enough tools to provide complete visibility across their network.They often don’t have budget to upgrade or replace their existing tools to higher speeds as networks upgrade from 1GE to 10GE or 40/100GE to match the growing demand for communication bandwidth.

A better way to see Network and application security and visibility is not a luxury, but a necessity. What operators need is to architect visibility into their infrastructure – creating a smarter, more innovative approach to true end-to-end visibility that is simple to use, easy to scale, and provides immediate ROI using existing monitoring investments. This type of visibility is a holistic approach to network and application monitoring that controls costs and administrative burdens, while optimising the investment value of monitoring and security tools. It helps speed application delivery and enables effective troubleshooting and monitoring for network security, application performance, and service level agreement (SLA) fulfilment — and allows IT to meet compliance mandates. Network visibility implementations should address the people, processes, and technology issues facing IT organisations today. Successful visibility must be manageable, scalable, automatable, and flexible – all while remaining simple and cost effective. • Manageable It must be designed foremost to help people with their problems while fitting into their existing processes. Integration into business processes must be seamless and easy, and for example must work with current network management system (NMS) and service provisioning and orchestration systems. User authentication and access control features should be supported to meet compliance and security needs. • Scalable As the network and application infrastructure grows, the need to monitor and secure the infrastructure will also grow.Visibility must easily scale to match this growth; but cost effectively! Managing visibility should increase complexity as new applications and technologies are added. It should be able to accommodate this growth in both the physical and virtual network realms. • Automatable As the network grows more complicated and technologically diverse, automation becomes essential for enabling IT to

How do you monitor data that does not physically exit the server? IT not only needs access to traffic on the physical network, but they urgently need access to traffic between virtual machines on the same server manage security, ensure application performance and end-user experience in real-time. Automation is a key to visibility, as it helps reduce risk by automatically reacting to application issues and security threats in real-time. Visibility must be able to automate these processes or alerts, and be able to dynamically control the data sent to tools as well as reduce risk by enabling security tools to enforce security policies in a dynamic environment. • Flexible Networks are always evolving and changing by adding new processes, new services and applications, more users, new technology, etc. This change is constant. Visibility must adapt to this change without complications while supporting a path to future needs. For example, a new application may come online that generates a new type of traffic. A new VLAN may be added to carry this new application. A new monitoring tool may be added to the network that needs to look specifically at this new application. It is important that as these changes occur, the visibility products do not require manual reconfigurations to account for broken traffic filters. • Simple Keeping up with the changes and new technologies in your network is complicated enough.Visibility must fit within your organisation’s processes, have an intuitive, visual interface anyone can use, and provide timely feedback confirming proper operation – otherwise it is just another liability to be dealt with. Proper visibility must be recognised by the users as the easiest solution to fixing network problems when they arise.

Change is coming Change is coming to networks faster than ever before. While growth is a new constant in most networks, it is being compounded by new regulations; virtualisation of workloads and services; changing security needs; and migration of applications between data centres and the cloud. IT needs end-to-end visibility, meaning tool access to any point in the physical and virtual network. But more than that, IT needs control. This control comes from architecting a well-constructed visibility plan. This type of visibility helps gain visibility into both physical and virtual traffic, ensuring monitoring tools always get all the data they need for true endto-end visibility and insight. Visibility solutions must be flexible enough to accommodate needed changes, yet simple enough to manage what you need when you need it. They must better leverage existing monitoring and security tools even while migrating the network to higher speeds. With well-thought out and architected visibility solutions, IT can ensure that they will deliver better end-customer experience.

www.vitalmagazine.co.uk | May-June 2014

B US I N E S S SOLUTIONS

Empower the end user. Introducing MyIT, a seamless way to deliver self-service IT and put your users in control. It’s the fastest way to give your users something to be happy about, while freeing up IT to make an even bigger impact.

MyIT means happy users and more productive IT MyIT is a consumer-like app that transforms business users’ IT experience. It's easy and intuitive, IT users will actually want to use it... Finally, a modern enterprise solution that helps business and IT work together. FInd out how Fusion Business Solutions can help you integerate BMC MyIT to meet the changing demands of service delivery with a new approach to IT self-service. For more information, visit www.fusion.co.uk/try-myit today and to request your free trial. Contact Parm Powar at Fusion for further information on +44 208 814 6162 or email parm.powar@fusion.co.uk

About Fusion Fusion is a Service Management and IT Operations specialist that uses our highly experienced and trained staff to help IT organisations improve their service performance, quality and efficiency. We are a trusted advisor to over 200 organisations helping them transform their IT departments using world-class IT Management software from companies like BMC Software. We have offices in England, France, America, Bulgaria and India. We help organisations transform and improve their Service Management and IT Operations processes to gain superior performance and efficiency through advisory and strategy services like Benefits Realisation, Service Transformation, Data Centre Optimisation and Green IT Consulting. We help organisations "industrialise" their IT Operations to improve productivity.

+44 208 814 4888

fusion.co.uk

info@fusion.co.uk

@fusion_ITSM

IT Infrastructure

Simplifying the conversation Graham Brown, managing director of Gyrocom, suggests how to best reduce IT wastage and gain optimum IT spend, delivering significant savings whilst protecting performance and reducing your carbon footprint…

triking the perfect balance between application performance and IT efficiency is difficult. Having too much is much better than not having enough, but this isn’t healthy for the corporate waistline and is a contributing factor in IT being one of the largest sunken costs on an enterprise balance sheet today.The IT industry is bloated and wasteful and isn’t set up to deal with today’s consumption economy. It doesn’t have to be like this and there is a better way – the key is in simplifying the conversation.

IT infrastructure should be considered a utility but isn’t. After all, it isn’t something that an organisation gains direct value from, but it is an enabler for quick and easy information access. The reason it isn’t considered a utility is due to the way we have been taught to understand IT consumption.

Measuring IT IT thinks in terms of Gigahertz, Megabytes, IOPS, and Kilobits per second, whereas true utilities have much simpler methods to measure consumption. Electricity is measured in Kilowatt-hours and not in the weight of coal required to fire a generator. So why isn’t IT infrastructure measured in this way? We are still trying to measure the underlying raw materials and not the consolidated output. The way IT infrastructure is consumed when viewed in this manner means things can get pretty complicated pretty quickly and remains a purely technical discussion. Plenty of challenges exist when considering available CPU cycles, memory, disk and network bandwidth independently, never mind all at the same time. Additionally, in the larger organisations these resources are typically managed independently across multiple technical disciplines - systems, storage and networks. In practise this complexity is difficult (and expensive) to manage effectively, and it is often much simpler to overprovision capacity in order to safeguard acceptable performance. By applying a consolidated measurement of IT consumption that takes into consideration all of the IT resources required to support an application, it is possible to dramatically simplify this problem. It is possible to quickly identify how much you have, how much you need, and how much you waste in a language that the business can understand. This approach provides clarity, removes conjecture and

IT infrastructure should be considered a utility but isn’t. After all, it isn’t something that an organisation gains direct value from, but it is an enabler for quick and easy information access

empowers the organisation’s technical investment decisions. We like to call this “evidence-based wisdom” and it can save organisation’s millions of pounds in unnecessary IT investment. It also helps an organisation identify an ideal state that the business no longer feels disenfranchised from. It’s a single threaded discussion based on a consolidated and quantified requirement – simple! What does “good” look like? However, identifying “what good looks like” is only part of the problem. There has to be a mechanism to get there and there has to be a mechanism to stay there in order to recognise true value. The ideal picture of the future has limited practical value if you cannot define the detailed journey to take. It’s important to recognise that the underlying technology of the data centre has evolved and as such the processes required to manage the data centre need to evolve too. Cloud and converged infrastructure technologies bring huge benefits to an organisation, but they also bring a degree of complexity that has not been seen before. They help move an organisation closer to the efficient utility model, but require a different approach in management. The quantity and complexity of decisions that are required in order to keep a converged infrastructure in a state of efficiency requires a different way of thinking. It is now beyond the capability of the human interface to manage alone. Few organisations recognise this and it is the main reason inefficiency reappears.

Automation? Automation is key! This is not to say we walk into to work on a Monday and implement some wiz bang technology and then just simply take our hands off the handlebars. It’s a gradual process and it starts with the small stuff. Like anything else, confidence needs to be gained over time, but processes such as regaining overprovisioned resources shouldn’t be manual in the long run. Equally, neither should the process to assign new resources to applications that need them. If these processes are manual then they either don’t happen or take too long to implement and one of two things happen – inefficiency creeps back in or application performance is impacted. Neither of these states is ideal and it doesn’t have to be that way.

www.vitalmagazine.co.uk | May-June 2014

HP Service Manager HPâ&#x20AC;&#x2122;s next generation IT service management solution Proven ITSM software, that works harder than the competition at an affordable price

For a free ROI report, contact us now on 0845 619 3111 â&#x20AC;&#x201C; ask to speak with John Brookes or email us: info@wmpromus.com

w w w. w m p r o m u s . c o m

IT Service Management

The changing face of remote support VitAL Magazine speaks to Stuart Facey of Bomgar to find out if service desk teams are set up to cope with the increase in enquires about mobile devices... to research from Gartner, fewer than 10% of A ccording calls to the service desk are currently to do with mobile

devices. However, this is set to grow to more than 25% of all calls by 2016. Will service desk teams be able to cope with this change? And how will service desk managers have to change their strategies in future? Will the change in calls that Gartner predicts really come to pass? If it does, what will the impact be?

Stuart Facey (SF): I’m surprised it’s not higher already, to be honest. So many people are using their own devices to extend how and when they work today, and when they get to something they can’t solve on their own, their first impulse should be to contact the service desk. This might be additional workload for the support team, but it is better than the alternative – users trying to help themselves and risking data loss or insecurity through not understanding the implications. Service desk teams should therefore try to take a proactive approach to supporting mobile devices. As enterprise applications become more complex, I expect support call volume will continue to grow. But these calls will likely be less about the hardware – phones and tablets are pretty simple in that regard – and more about the applications and device configuration. Being able to support applications running on any platform will therefore be essential in the future. Will Mobile Device Management (MDM) be enough to bring mobile working back under control? SF: MDM and remote support complement each other. MDM tools are typically designed for provisioning and managing devices en masse, while remote support is used to troubleshoot one-off incidents that occur with individual devices. Keep in mind that some mobile platforms, such as iOS, restrict full screen-sharing capabilities, so IT organisations should look at remote support from both a hardware and application level. Embedding a remote support tool into custom enterprise apps will allow the support team to view and resolve issues with that application, even if it’s running on a more restrictive platform.

I think how the service desk measures itself around mobile will change, and this will be part of a wider shift on how service desks will support employees What does the future hold for service desks around mobile? SF: I think how the service desk measures itself around mobile will change, and this will be part of a wider shift on how service desks will support employees. Part of this is that there are new options for how service desks deliver support, like chat and collaboration technologies alongside traditional phone or email support. These new options will have an impact on the overall mix. Secondly, I predict that the overall volume of calls will come down as more of the simple problems that the service desk has to deal with will either cease, or become automated through more use of self-service. Take password reset requests for example – these would not be coming through to service desks in the future, and users can sort themselves out. This takes away a large percentage of potential calls, leaving the ones where users really require assistance. Thirdly, I think there will be much more requirement for collaboration around support. Almost all enterprises have outsourced some part of their IT stacks, and the rise of cloud services makes this trend more likely to continue. Getting everyone together on one call in a secure fashion to solve a problem is much more efficient for the customer and better for the service desk, as well in terms of user satisfaction. Mobile will help drive this trend as users start working in more flexible ways. Ultimately, we’ll see more emphasis on supporting the service rather than the asset.

www.vitalmagazine.co.uk | May-June 2014

IT Service Management

Problem management – Where to start? Where to end? Problem management is one of the biggest challenges for service management teams. Getting it right is difficult, as is finding the time and resource to keep it right. However, it’s impossible for IT services to improve without taking problem management into account, says John Noctor, director of customer success, Cherwell Software… management can be a nebulous term, but it is P roblem one of the biggest challenges for ITSM teams that want to improve the quality of service they offer. Implementing problem management is seen as a route to ITSM nirvana for some, while others don’t understand the value a formal and structured problem management process will bring to their operation.

For a few ITSM leaders, problem management can be a sore point as they may have tried to implement a new programme that has not worked. Time is a precious commodity in ITSM, and battles have to be chosen wisely. Previous failures, no matter what the reason, can be inhibitors to process implementation and improvement. Wherever you are on this spectrum currently, problem management can and should provide a significant improvement to service delivery. What makes one programme successful and another fall by the wayside is not always apparent without a deep dive analysis and even then, it can be subjective rather than based upon empirical data. Getting any implementation right is challenging as is finding the time and resource to keep it running successfully. However, it’s

impossible for any IT services team to improve their service quality in the long term without taking problem management into account. In order to get a problem management programme going, the first step is to understand how well you are performing at the moment. This can involve looking at how you categorise the tickets the service team is working on, the underlying methodology they incorporate to manage these and the terminology involved.

Incidents and requests The traditional approach to managing inbound enquiries to the service desk involves logging tickets and then tracking how they are dealt with. These will normally fall into two processes: incidents and requests. Incidents are those calls where specific issues are reported and involve areas such as fixing broken hardware or software not working. The service desk then steps in to remedy this issue. On the other side, requests involve those calls that are made for new things. This can be for a new software installation or new functionality within an application. For the service desk, these will be noted, resolved if possible or passed on to the appropriate team within the IT support organisation.

www.vitalmagazine.co.uk | May-June 2014

IT Service Management For incidents, the service desk is a reactive element. Problem management is different – it involves looking for what leads to incidents to be reported multiple times in the first place and then looks, in more detail, at the root causes and provides a temporary workaround and ultimately a permanent fix (usually via a change management process). By proactively setting out to fix these problems before they lead to more incidents, problem management should improve the overall quality of service that customers receive from IT in general. It should also provide opportunities for resources to be dedicated to finding further problems and fixing them rather than just fixing each incident as a one-off.

Introduction to problem management The challenge with problem management is where to start. For organisations that have been burned trying to implement problem management in the past, it can be a difficult process to start again. For others, they may see what they currently do around break/fix responses as currently adequate. The truth is that all organisations are doing some form of problem management today, whether they know it or not; it can take the form of statements like, “Well, we won’t let that happen again!” rather than specific programmes designed to spot problems. Formalising problem management involves dedicating both resources and time to the process side. This is often where people fall down in that they are currently full to capacity and unable to stop firefighting. During one project, the IT manager involved described it to me as “being so busy chopping down trees, I have no time to sharpen the axe.” The other problem in implementing problem management is the lack of data that companies have around this topic. It is easy to track incidents and requests as they come in and are resolved, yet problems are less easy to do this with. For a start, users don’t tend to mention that their call is similar to another that has been made, either because they don’t know or because it’s “their problem” and not the same as someone else. Looking at the ITIL processes here should help; however, these guidelines suggest that a new problem should be created as part of each incident being logged. Without an active problem management approach being in place, along with defined criteria for logging potential problems, this can be tricky to manage as individual service desk members use their own terms and interpretation of customer descriptions in order to complete the records. This can elongate incident management tasks and potentially affect service. At this point, things can get quite circular; problem management is not implemented as it is too difficult and the value is not clear. At the same time, the number of incidents continues to rise and affects service quality. To stop this, a practical step to take is to evaluate what the service desk and the whole of the service management department really wants to achieve and how the culture of the service desk will support those achievements being met. A second step is to look at data in more detail and try to spot patterns or regular occurrences that lead to spikes in incidents. By applying a “business intelligence” approach to problem management, it can support potential investment decisions. A tip for the introduction of problem management where no

www.vitalmagazine.co.uk | May-June 2014

such process already exists is to look to your Service Catalogue. By identifying the critical services and aligning your new problem process to these rather than a big bang approach, you can organically grow your problem database, and have tighter management of relevant resources with less impact to the entirety of support whilst optimising the process itself before expanding across the portfolio. Some organisations may even go down to specific “products” or “components” of the service, which underpin core end user activity or are line of business affecting.

A cultural change required? Service management ultimately comes down to establishing the right processes, procedures and policies around that culture. While these three areas may look similar, there are important distinctions to make. Processes are the steps by which each task should be completed; procedure and policy cover the human elements of evaluation that take place within the process framework.This includes looking at how incidents are classified and ensuring that everyone follows the same guidelines. In this way, incident classification can help to provide more information for problem management. As part of this, there may be cultural change required within the service desk team. For teams that have already tried problem management before, this can be a real issue. However, without getting this right, there will be no opportunity for continual improvement in service quality. Spotting problems earlier and taking a proactive approach to solving issues is the only way to generate long-term benefits. This can also help service desks prove the value they create. By linking problem management into wider IT projects, the service team can demonstrate how taking a proactive approach has helped wider business initiatives to be successful as well. In part, this is based on thinking about what users or customers want to see before, during and after any incident. Problem management can support continual service improvement by recognising issues within the wider IT infrastructure or frameworks. At this point, problem management can also work alongside software development as well. Software change and release management processes are becoming increasingly embedded into IT operations processes – witness the rise of DevOps as a movement recently. For the service team, there is an opportunity to work on consistency of approach across any request that comes into the organisation. Problem management can help to spot where those handovers between services, applications or teams are responsible for issues affecting the user and therefore stop them before they have an impact. Great problem management is also introspective. The best processes allow for review of not only how a specific record was managed, but also how well the process supported the lifecycle of that ticket through to resolution/completion and whether the process itself is still fit for use. Problem management continues to be the “elephant in the room” for many ITSM departments, and getting started on the right path is a challenge too. However, the return on resources from a good problem management approach is far higher than staying with existing incident response on its own. The latter approach neglects the opportunity to be proactive. Without problem management, ITSM teams will find it harder to continue delivering the service levels they expect of themselves.

IT Service Management

What does the future hold for ITIL? Is ITIL still relevant 25 years on and, if so, how does it still provide business value? Kaimar Karu, Head of ITSM at Axelos, shares his thoughts…

the 25 years of its existence, ITIL has T hroughout supported IT organisations in providing business value for their customers in the form of well-designed and supported services. ITIL has become the most widely used and most successful ITSM framework in the world, with true global reach. Over this time, ITIL has seen several major updates (the latest being in 2011) to make sure the recent advancements in technology, and the latest changes in overall business requirements are taken into account. Recent surveys have shown that the core best practice principles ITIL follows – supporting business objectives; enabling business change; optimising customer experience; and continual improvement – have remained relevant and helpful in the modern age of cloud, agile and BYOD. But what does the future hold for ITIL?

A holistic approach Successful ITSM initiatives rely on three main components: • Fit-for-purpose and fit-for-use processes; • People who are valued and supported by the organisational culture; • And technology as an enabler. Whenever one of these components is ignored, only failure can result. When we look at problematic initiatives, common patterns emerge. Creating processes is where many organisations start, but moderation and common sense is sometimes not considered. The result of this exercise can be a list of overly complicated processes, each accompanied by an impressive set of documentation, not always meeting the real needs of the organisation. The next step then is buying an ITSM tool, which will be configured to match the newly created processes, resulting in a significant investment. Unfortunately, this is also where the organisations very often stop. For many reasons – main of which is perhaps the fact that this is the most complex one – the people side is often ignored. ITIL is “guilty” in making the process part easy, as it offers an effective process design, implementation and maintenance

framework, introducing concepts like service design and continual service improvement. It provides the service management professionals with a smörgåsbord of processes and activities, most of which make sense to all types of IT organisations, and people tend to over consume. Having felt the pain of failing services, unhappy users and disappointed customers, these professionals are starving for solutions, and can end up with starters, mains and desserts on the same plate, in a huge heap. Instead, ITSM initiatives should be more like a good à la carte experience – each dish chosen carefully, and cooked to one’s liking. This is why ITIL will be focusing on a holistic approach, complementing the core principles with additional guidance on how to choose and design good processes, work with and enable people, and leverage technology to support it all. Responding to practitioners’ requirements and an improved set of IT governance processes will also be added to the mix.

An integrated approach Good services are not designed in isolation – a continuous dialogue between the service provider and their customers is essential. Rarely are all the components of one service delivered by just one team, so we need to take well-maintained (supplier) partnerships into account as well. The recent emergence of the DevOps philosophy has put even more focus on creating a value-focused well-functioning ecosystem between all parties involved, and getting rid of the silo-enforcing over-the-wall “not my problem” attitude. Value creation requires a good understanding of the value chain, and this extends much further than just inside the IT department. Even though the DevOps name implies the concepts might apply only to the IT development and operations teams, the reality is that DevOps is about well-functioning cooperation between all teams, including HR, finance, facilities and all the others. Also, let’s not forget the project management office. ITIL has built-in support for this approach with processes such as business relationship management, service portfolio management, service level management and others. At the same time, much more guidance is needed for the “how” – the context-dependent adoption of the best practice and the basis for organisational good practice. We also need to look at other disciplines. There is no reason

Successful ITSM initiatives rely on three main components.Whenever one of these components is ignored, only failure can result 32

www.vitalmagazine.co.uk | May-June 2014

IT Service Management

for ITIL to enter the field of software development with a wish to redefine the best practices there, for example, but it does make a lot of sense to both explore those said practices and bridge them with ITIL. Doing this, ITIL also needs to define its own APIs for other frameworks to tap into. At a first glance, the concepts behind SCRUM, or agile in general, might not seem relevant for IT service management, but who wouldn’t want to have more visibility around the work done or guidance on how to break large tasks into bite-sized correctly prioritised chunks for improved delivery? In fact, many of the best practices around how to adopt IT service management principles in cloud-based environments do currently reside in the software development domain. The responsibilities there for infrastructure management have moved from physical hardware to Infrastructure as a Service (IaaS) and Infrastructure as Code, and the levels of automation that are now technically possible can be leveraged to greatly improve the efficiency of IT service management. By providing a continually improving set of service management best practices, underpinned by a cyber security portfolio and well-defined bridges with other frameworks, ITIL of the future will be the “grid” that can be laid over the whole organisation, connecting the dots between business requirements and IT capabilities, and providing the appropriate governance and risk management models to ensure maximum business benefits. Community involvement in all of this is the key – ITIL needs to be a set of real best practices, collected and analysed by practitioners, for practitioners.

A supportive approach To provide help on the service management improvement journey, ITIL will take the lead in Continual Professional www.vitalmagazine.co.uk | May-June 2014

ITSM initiatives should be more like a good à la carte experience – each dish chosen carefully, and cooked to one’s liking. This is why ITIL will be focusing on a holistic approach Development (CPD). A wide array of complementary trainings, in addition to a well-designed set of ITIL core trainings, will help professionals to keep their skills up-to-date, as well as learn more about emerging methodologies and how to apply them for their work. This is in turn supported by complimentary publications, including various practical white papers and related case studies. While acknowledging that rarely will a custom-made model described in a case study fit the needs of another organisation perfectly, the reasons for and expected outcomes from choosing a particular approach, accompanied by lessons learned, can be very helpful and provide significant savings both in time and money.

A future-proof approach ITIL has been and will always remain an evolving set of best practices. As with any other framework, it has its strengths and weaknesses. Focusing on the needs of the practitioners, while ensuring the delivery of business value will make sure the strengths of ITIL will be developed further, and areas where it lacks comprehensive models will be addressed and improved. Instead of trying to describe one “true” method to follow for adopting ITIL, the core set of universal principles will be supported by additional context-based materials where organisations of all sizes, and from all geographies, will find useful guidance on how to make the change happen. For the most widely adopted IT service management best practice framework, the future looks bright.

Cover Story

Changing the perception of IT Two new reports have exposed the huge gender gap in IT, which is set to widen over the coming years, meaning that the UK economy could miss out on an extra £2.6 billion a year. Sophie-Marie Odum speaks to Sheila Flavell, chief operating officer/founder director of FDM Group, to find out why this gap still exists in 2014… ask a young person to describe what someone “I fwhoyouworked in an IT department looked like, their sentence would probably begin ‘a man with…’.This is the perception out there.The image of IT is a problem,” comments Sheila Flavell, chief operating officer/founder director of FDM Group on why there is such a large gender gap in IT. According to BCS, The Chartered Institute of IT’s Women in IT Survey, women currently account for just 15-18% of IT professionals; a figure that has fallen significantly in recent years. Furthermore, a new Cebr report, commissioned by Nominet,

has estimated that increasing the number of women working in IT could generate an extra £2.6 billion a year for the UK economy. Sheila continued, “This report puts the spotlight on the urgency of encouraging more women to pursue a tech career. It shows that we need to make IT attractive and teach young people the value of IT skills in today’s society. We should promote how IT skills can increase their own employability. “There is no hiding from the fact that there is a gender gap in IT. Schools aren’t doing enough to make IT exciting. The current IT curriculum is boring, and I think students from a young age right through to A-levels struggle to see the benefits of what

The lack of women entering the profession is a very real threat for the industry and for UK plc

www.vitalmagazine.co.uk | May-June 2014

Cover Story

they are learning. Instead of Microsoft Word, PowerPoint and Excel, it should be more about mobile apps and more of the cuttingedge stuff as it’s currently not encouraging young women to enter into this industry.

There is no hiding from the fact that there is a gender gap in IT. Schools aren’t doing enough to make IT exciting.The current IT curriculum is boring

“The IT industry is dominated by males and that in itself deters women from pursuing a career in IT. FDM Group is seeing many more women entering senior management positions nowadays, more than ever before, but it is still not enough.” The Cebr report, which drew on new research among IT decision makers in UK businesses, found that 76% of respondents believe they lack suitably skilled staff in IT. Of these, 58% say this negatively affects productivity levels, estimating on average that productivity levels are 33% lower as a result. In addition, 59% agree that their IT team would benefit from having a more gender-balanced workforce, while only 7% disagree. Improved communication skills (52%), improved staff morale (48%), and bringing new ideas to the organisation (46%) were the most frequently cited benefits. Sheila said, “Undoubtedly, a gender-balanced team will have a wealth of benefits. There has been a lot of research, which shows that teams with more women function better and have increased profitability over companies who don’t – that in itself makes it more plausible for organisations to employ more women in their teams. “Women think differently to men; they look at things at a different perspective and offer a different viewpoint. If you have a mix of skills within a team then you are much better at problem solving, which ultimately leads to better performance, communication and creativity. “A gender-diverse workforce is the way to go. The problem is attracting and retaining talented women. Companies can’t afford to ignore 50% of the potential workforce.” Gillian Arnold, Chair of BCSWomen, part of the BCS, added, “The lack of women entering the profession is a very real threat for the industry and for UK plc. We need to support UK employers who struggle to find IT skills for their organisations and we believe that ignoring 50% of the potential workforce because of their gender is ludicrous. “It’s vital that we reach out to more young women to encourage them to see what an amazing career IT offers and to build the pipeline of skills in the industry. With a diverse mix in the working population, the UK IT sector can capitalise on the promise of additional profits and innovation that diversity can bring.”

Gap is set to widen According to the Cebr report, based on current trends, the IT gender gap is set to widen over the coming years. But it seems addressing the gender gap can be split into two main issues; attracting young women into the profession directly from study; and encouraging women returning to work following a career break to consider IT as an option. The same report found that only a third of ICT A-level students

www.vitalmagazine.co.uk | May-June 2014

and less than a tenth of Computer Studies A-Level students are female, whilst just over half of those the BCS questioned (53%) think it is difficult for women to return to a job in IT following a career break.

Sheila commented, “IT is not seen as sexy and as inviting as other industries. Although it’s easier than before to get more women into IT, that’s at the bottom level, as women progress through the ranks into middle management, that is when they start disappearing off the edges. “As women leave their jobs to get married and have children, they sometimes find it a challenge to get back into the industry. Because technology moves on at such a fast pace, they become deskilled and lose some confidence after a number of years out of the workplace, and I don’t think many employers make it easy for a lot of those women to come back, in regards to flexible working. “The gap will only widen if employers don’t start doing more to help women back into work. At the moment, there just aren’t enough women coming into middle management and it’s absolutely imperative – strategically and morally – that we get more women into the workforce. The unemployment stats will increase if we’re not successful and this is a worldwide problem, not just in the UK.” To help qualified and experienced women back into IT, Sheila says that flexible working may be the key for the working mother. She said, “Nowadays IT departments work on a more agile basis and that offers more flexibility. By employers just being more open minded to this idea, it may encourage more women to return to work.”

Making IT sexy The Cebr research also cites 53% agree that women find working in technology jobs less attractive than men do. Of these, 60% of believe that the IT profession is still perceived to be male-dominated, and 33% think IT is not promoted enough as a viable career option for girls in school or college. However, it is hoped that the transformation of the new computing curriculum, which launches in September 2014, will kick-start a renewed interest in the subject among young people. Although technology drives economic growth in the UK, the IT industry is suffering from a skills shortage with companies crying out for an abundance of talent to recruit. Everyone is looking to recruit more IT talent and the fact that there is an IT gender gap only increases the skills shortage. Therefore to benefit the UK economy, it is hoped that the IT industry and government will attract and encourage more women into the industry – from school age through to university – to actually embrace computer science and embark on more computer science-type subjects. Gillian added, “It’s vital that we show more young women what an amazing career IT offers and to build the pipeline of skills in the industry.”

VitAL Security

Zero-Day is the new battleground Corey Nachreiner, director of security strategy at WatchGuard Technologies, looks at the characteristics of an Advanced Persistent Threat, and explains why we need a new approach to mitigate the risksâ&#x20AC;Ś

Zero-day is the new battleground. The rise of the zero day attack is well illustrated by recent vulnerabilities detected in Internet Explorer (IE) and Adobe Flash, both exploited in the wild the SQL Slammer worm brought Internet traffic I nto2003, a standstill in many parts of the world for several hours by targeting a known vulnerability in the Microsoft SQL database, for which a patch was available six months earlier. Key to its success was its small size and the way it quickly replicated itself and randomly looked for new targets to infect â&#x20AC;&#x201C; but it was avoidable if the right measures had been taken.

IT vendors such as Microsoft, Adobe and Cisco responded to threats like Slammer with frequent updates or patches, while Intrusion Prevention Systems (IPS) were developed to look for known patterns of vulnerability exploits and antivirus software advanced to block and quarantines known malware. Regulations like PCI DSS mandate that companies keep their antivirus software updated to the latest signatures. But today this is not enough. Zero-day is the new battleground.

www.vitalmagazine.co.uk | May-June 2014

VitAL Security The rise of the zero-day attack is well illustrated by recent vulnerabilities detected in Internet Explorer (IE) and Adobe Flash, both exploited in the wild. In the case of IE, attackers can exploit the flaw to gain the same user rights as the current user. This means that if the user has administrative rights, an attacker can take complete control of a targeted system to install programs and view, change and delete data, as well as create new accounts with full user rights. And using the same zero-day technique, the vulnerability in Flash media player allows attackers to run malicious code on a system, simply by enticing users to a website containing specially crafted malicious Flash content.

Appliance of science In the biomedical field, researchers and doctors have long understood that microbes and bacteria evolve and become more resistant to antibiotics. They need to develop new and stronger medicines to stay current. The same is true in the information security world. Attackers have got smarter and new breeds of malware constantly emerge that are more advanced and resistant to conventional defences. Modern malware uses advanced techniques such as encrypted communication channels, kernel-level rootkits and sophisticated evasion capabilities to get past a network’s defences. More importantly, they often leverage zero-day vulnerabilities – flaws for which no patch is available and no signature has been written. In 2012, the WatchGuard LiveSecurity team reported on four zero-day vulnerabilities being exploited in the wild. In 2013, we wrote alerts about 13 that were actively being used. Modern malware is often persistent and designed to stick around. It is stealthy and carefully hides its communications and it “lives” in a victim’s network for as long as possible, often cleaning up after itself – deleting logs, using strong encryption and only reporting back to its controller in small, obfuscated bursts of communication. Many attacks are now also blended combinations of different techniques. Groups of highly-skilled, motivated, and financially backed attackers represent a significant threat because they have very specific targets and goals in mind – often financial gain from theft of credit cards and other valuable account information. These new strains of advanced malware are often referred to as Advanced Persistent Threats or APTs. Stuxnet and Duqu were two of the first threats branded as APTs used by nation states for attacking critical government infrastructures, for example. But more recently, popular botnets like Zeus have evolved to emulate APT techniques from the likes of Stuxnet and used by hackers for financial gain, targeting Fortune 500 companies along with small and medium businesses. The consequences of breaches are well documented. Forbes repor ted that sales at US retailer, Target were down almost 50% in Q4 of 2013, following publicity around its data security breach. The stock price dropped 9% and 5%10% of shoppers at Target have repor ted that they will never shop at the store again.

Sandbox defences The fight against malicious code is an arms race. Whenever defenders introduce new detection techniques, attackers try to find new ways to bypass them. Traditional antivirus

www.vitalmagazine.co.uk | May-June 2014

companies employ skilled engineers and sophisticated tools to detect suspicious activity or behaviour that indicates a virus and write a signature. But this is a losing proposition because it is always catching up and there is an 88% probability that new malware has been created as a variant of existing malware to avoid detection by classic techniques. More recently, sandbox solutions have been used as part of the detection process. Code is run and analysed dynamically in the sandbox without any human review. But malware authors now use evasive techniques to ensure that their programs do not reveal any malicious activity when executed in such an automated analysis environment. Common techniques used by malware include checking for the presence of a virtual machine; querying for well-known Windows registry keys that indicate a particular sandbox; or going to sleep for a while until the sandbox times out. So, security vendors have reacted by adding counterintelligence of their own to their systems. But this approach is still reactive. Malware analysis systems need to be manually updated to handle each new, evasive trick.

Beyond the sandbox The most common sandbox implementations rely on a virtual environment that contains the guest operating system. The key problem and the fundamental limitation of modern sandboxes based on virtualisation is their lack of visibility and insight into the execution of a malware program. The sandbox needs to see as much of the malware behaviour as it possibly can, but it needs to do it in a way that hides itself from the malware. If malware can detect the presence of a sandbox it will alter its behaviour. A smarter approach is required. Emulation of the operating system provides a high level of visibility into malware behaviours, but OS-level emulators cannot replicate every call in an operating system and it is relatively easy for advanced malware to detect and evade. More advanced sandboxes are able to see every single instruction sent to the CPU. This means that the sneaky evasion techniques employed at the instruction-by-instruction level can be detected. If a file that has never been seen before is spotted, it can be analysed by monitoring the execution of all instructions to spot APT techniques that other sandboxes miss. Visibility is also important and many IT departments are suspicious of suspected security alerts. An advanced malware solution needs to provide email alerts, log and report capabilities and clear indication of why any file has been detected as malware so it is not dismissed as a potential false positive.

Stay safe Threats continue to evolve. Hackers today use the same advanced techniques that were used in attacks on nation states in recent years. This means that security solutions need to evolve to stay ahead, and signature-based malware detection is simply no longer good enough. Antivirus and Intrusion Prevention Services are still a necessary par t of any company’s defence, but they need to be supplemented with new advanced zero-day detection capabilities.

VitAL Security

Mind the TMG gap Leigh Bradford, from Kemp Technologies, looks at Microsoft’s decision to “end of sale” its Threat Management Gateway and what it means for enterprise users… September 2012, Microsoft announced that it was I ndiscontinuing its Forefront Threat Management Gateway product as part of a number of major changes to its

Forefront product line, in an “effort to better align security and protection solutions with the workloads and applications they protect”. While Microsoft has pledged to provide current Forefront TMG customers with mainstream support up until the end of 2015, and extended support until 2020, the move – that surprised many customers – does present some challenges and raises the question about what will replace it. Microsoft’s Forefront TMG, formerly known as Microsoft Internet Security and Acceleration Server (ISA Server), has been a key component of the solution for organisations deploying Microsoft Exchange, Lync or SharePoint. One of the key features of TMG is that it offers customers a way to publish and protect workload servers such as Exchange Client Access Servers; especially in Internet-facing deployments where a clean and secure separation between the back-end critical infrastructure and the public Internet is essential. TMG has proved particularly popular for use with Exchange infrastructures because of its relatively easy-to-deploy, reverse-proxy functionality. This is essential when you have a demilitarised zone (DMZ) to ‘sanitise’ incoming connections from the Internet before passing traffic onto servers hidden by an internal network.

Bigger picture Microsoft’s decision to end TMG is part of a bigger picture. The company plans to integrate more security controls into the cloud with its Microsoft Office 365 solution and also replace TMG with its Unified Access Gateway (UAG) product. But it’s not quite that simple. For a start, UAG can be up to twice as expensive. Depending on what part of the world you are based, the cost of transition could be painful. Secondly, for applications such as Exchange, there are some functionality gaps that UAG currently does not cover, such as two-factor authentication for ActiveSync devices or certificate-based authentication for OWA. And it’s not just Exchange; while UAG has more features than TMG, it also doesn’t, as yet, fully support some Lync functionality and is overkill if used for only this purpose. So for companies that do not want to migrate to Office 356 or adopt UAG, what are the options?

The options Many companies already deploy hardware load balancing appliances in order to publish Microsoft workload servers for Internet-facing applications. As well as separating the critical infrastructure from the external Internet, load balancers stop traffic “at the gate” and make sure that users are automatically connected to the best performing server. And if one becomes inaccessible, the load balancer will automatically re-route

Microsoft’s decision to end TMG is part of a bigger picture.The company plans to integrate more security controls into the cloud with its Microsoft Office 365 solution and also replace TMG with its Unified Access Gateway (UAG) product. But it’s not quite that simple traffic to other functioning servers so that users always experience optimum performance. The load balancer may also offload processor intensive SSL encryption to speed up the throughput. So, now that “End Of Sale” time has arrived for TMG, some companies will be extending their load balancing platforms with new security features that build on existing core technologies such as the Reverse Proxy function to fill the gap left by TMG. This includes features such as end-point preauthentication, using Active Directory, to protect workload servers from unauthorised access. Clients will have to provide valid authentication information to gain access to a service or be blocked. Another feature that products may have is Single Sign On (SSO) across multiple virtual services. This means that clients only have to enter authentication information once to access all services in a group. For example, a client accessing Exchange will also be able to access SharePoint and other workloads if they are configured in the same SSO group.

Supporting businesses Both large and small businesses are deploying large numbers of Internet-facing applications to support ever-expanding business requirements. This rapidly growing number of servers needs to be scalable and highly reliable and, above all, access to these servers and services needs to be secure. For organisations and businesses facing life without TMG, the addition of security features into their load balancers will continue to deliver protection along with scalability and high reliability.

www.vitalmagazine.co.uk | May-June 2014

Cloud Computing

www.vitalmagazine.co.uk | May-June 2014

VitAL Security

“The cloud is far from perfect” James Bindseil, President and CEO of Globalscape, examines the future direction of security policy and the effects of the cloud on corporate data security…

way enterprises do business is changing. An T heincreasing demand for a mobile, collaborative workforce paired with a desire for a relatively inexpensive solution to infrastructure expansion has made “the cloud” one of the most talked-about concepts today. Microsoft, Amazon, and Google are all confident that the cloud is our future, as evidenced by the launch of Microsoft’s Office 365, Amazon’s Web Services package, and the growth of Google Drive. However, the cloud is far from perfect in its current form. Perceived issues surrounding security have slowed its adoption. Few enterprises have moved their entire business to the cloud, and those who have, are still concerned about the security implications and the potential – unintended – accessibility of their data.

The remote workforce

The cloud is not nearly as risky an option as many doubters think; however, it is far from impervious to attacks, and a layered security approach remains the safest approach to protecting sensitive data

The fact that many large enterprises have invested considerable resources in the cloud is doing little to sway “cloud skeptics”. Some businesses have taken a measured approach by transitioning some systems to the cloud, but not all of them, carefully evaluating what type of information is stored in cloud-based systems.

The risks of the cloud The cloud is not nearly as risky an option as many doubters think; however, it is far from impervious to attacks, and a layered security approach remains the safest approach to protecting sensitive data. Storing files offline does come with many advantages. For example, Coca-Cola stores their secret recipe in a state-ofthe-art steel vault in Atlanta, GA, complete with round-theclock security. With the recipe locked away in a physical vault, potential thieves will be more deterred than if they were given the challenge of accessing the file in the cloud. Locking files away physically by taking them offline in a layered, on-premises security solution is still one of the most reliable means to security. Yet, in a business environment dependent on collaboration and the availability of information, this is not an entirely realistic approach. For this reason, a number of businesses have chosen to adopt

“hybrid” clouds. A hybrid cloud provides businesses with the best of both worlds – the accessibility of the cloud combined with the security and reliability of an on-premises solution— allowing businesses to choose where to store specific data. Gartner predicts that, by 2017, over half of mainstream enterprises will be running hybrid clouds. Cloud-based security systems can be made secure, but the more secure option will always be on premises.

Of course, one of the key benefits of the cloud is its remotely accessible nature. Cloud-based IT systems remove impediments to creating a global, collaborative workforce. A business can employ someone purely on their expertise and eligibility for a role, eliminating logistical matters such as providing them with a local office.

With an increasingly remote workforce and employees regularly taking work home on their laptops and mobile devices, limiting risk has become increasingly difficult. Running an office where confidential data remains on site is easier to secure; however, confidential data often must be made accessible to this mobile workforce. By increasing mobility and accessibility, organisations introduce more risk and provide outside agents, like hackers, with more access points to gain access to sensitive data.

The adaptability of hackers Hackers and malware represent some of the most salient threats to the security of IT systems. The growth of the information security industry is evidence of the need for, and advancement of, IT security services. Organisations are locked in arms race with hackers. As businesses adapt to mitigate security threats, hackers discover new vulnerabilities and methods to infiltrate defenses. Firewalls, anti-virus programs, and secure file transfer software are critical to securing data against these attacks, but without creating and enforcing sound security policies, businesses are still vulnerable. Businesses must become more proactive in their efforts to prevent hackers from gaining access to their systems, but recognise that no system is perfectly secure. Businesses must secure their networks and develop damage-control

www.vitalmagazine.co.uk | May-June 2014

VitAL Security

Businesses must secure their networks and develop damage-control processes on the assumption of “not if, but when” they will be hacked processes on the assumption of “not if, but when” they will be hacked. By preparing for the worst-case scenario, organisations will usually be one step ahead of hackers. Looking to the future, nobody can guarantee that businesses will be able to completely secure their data in the cloud. As enterprises have improved their corporate security practices, they have become better able to adapt to growing security threats. Additionally, security products are evolving to work as effectively within the cloud as on premises, and to work across multiple locations. The cloud is an exciting and under-used option within the IT industry; with the potential to completely change the way we do business today. Because of its convenience and accessibility,

www.vitalmagazine.co.uk | May-June 2014

however, it is difficult to convince IT administrators that it will ever be as secure as on-premises data storage. Security threats posed by hackers and the cloud alike are inspiring security product developers to build more innovative, robust products to secure data in the enterprise and in the cloud. The skills of hackers will continue to adapt and evolve; therefore, securing your business against threats is not only about preempting hackers, but also about ensuring careful business practices through secure corporate policies and systems. In short: The cloud is the future of IT. The potential for innovation and the benefits of the cloud greatly outweigh the drawbacks. It’s up to the IT and security leaders and disruptors to pave the way for a safer cloud solution.

Cloud Computing

The future of cloud Nathan Bell, cloud expert and global director of products and marketing,Telstra Global, discusses the various possibilities the cloud can offer businesses today and in the futureâ&#x20AC;Ś

Organisations across APAC are embracing the IT transformations within cloud, big data and mobile looking how to better serve the needs of their customers number of internet-connected video devices W ithset theto exceed the human population by 2017 and the explosion of smartphone and tablets, APAC (AsiaPacific) is acting as the engine room to this growth.There has been a change in the way we interact with this type of technology with cloud enabling end-users to access this content remotely.Young, tech-savvy consumers, coined the â&#x20AC;&#x153;Yâ&#x20AC;? generation, have grown up surrounded by technological innovation and are unaware of how the connected and online experience is shaping their lives. The changing human interaction with the cloud and its importance in our day-to-day lives has created a golden opportunity that businesses can capitalise on, using insights to increase customer satisfaction for both corporates and

consumers. Organisations across APAC are embracing the IT transformations within cloud, big data and mobile looking how to better serve the needs of their customers.

The opportunity of cloud The cloud has transformed on an unprecedented scale, with the public/private cloud storage market predicted to be worth $46.8bn by 2018. Networks are increasingly being defined by dynamic functions and the introduction of business process service level agreements (SLAs). For instance, cloud platforms are being linked with traditional on premise applications, such as a Customer Relationship Management or Supply Chain Management environment. This is enabling the network to reshape itself and categorise its applications based on current activity levels so that network

www.vitalmagazine.co.uk | May-June 2014

Cloud Computing

traffic and the needs of remote workers can be easily managed and prioritised.

Innovation in the cloud Cloud providers have discovered different approaches to supply companies and consumers building private or hybrid platforms, and have expanded their services accordingly. We’re also seeing a growing number of applications developed by business customers in the cloud, who are more willing to develop their own, as they are educated on its flexibility.

The idea is simple. Buying relevant computing space to test an approach and then shutting if off again when the activity has run its course, reduces the risk for the business when compared to the previous options available. With the cycle of applications gathering momentum, the enterprise app store has arrived on the scene as CIOs provide employees with a selection of applications endorsed and supported by the organisation. Until now this has had limited success, however, with the widespread adoption of Bring Your Own Device (BYOD) and publicly hosted secure applications, it is becoming more widespread as a way of enhancing productivity.

Maximising opportunity To maximise the opportunity of cloud, businesses must keep flexible and agile, tailoring cloud platforms to offer solutions designed to individual customer needs. As providers recognise their strengths, they will also identify partnership opportunities with vendors, offering complimentary technology to their existing portfolios. For example, businesses that deploy application programming interfaces (APIs), allowing developers to design products based on an organisation’s services, will achieve success. Companies can build their web conferencing capabilities into another web-based application, such as instant messaging, enabling seamless collaboration and communication between individuals. The reality is that organisations rarely use applications in siloes, meaning those vendors offering API solutions that increase collaboration with complementary

www.vitalmagazine.co.uk | May-June 2014

products and markets, stand to benefit from increased sales with their customers.

Intelligent insights In recent times, big data has been more akin to trying to drink from a fire hydrant – we can access a lot of it but have little time to digest it. However, businesses will start applying different lenses to data sets so that they can identify what is relevant to them or impacting upon their business. By focusing on actionable data, businesses will be well placed to optimise their services and customer experience.

Looking further ahead into 2015, the use of data will become key in predicting future activity and risk management. This will be driven by “smart data” platforms; assessing patterns and delivering forecast and trending data to enable improved business planning. For example, if a customer pays for their movie tickets via near field communication (NFC), the mobile operator could identify the most frequent days the user visits the cinema, and send them discount codes for these days. This approach to data analytics is increasingly becoming the norm in terms of how businesses operate.

Driving change Confidence will drive changes in the cloud. Businesses across APAC have access to large amounts of tools and services from a variety of IT vendors, and have a greater knowledge and trust in new ways to address business challenges using the cloud. Proactivity is another catalyst to change. Businesses will be increasingly pragmatic, as more companies understand how the technology is making a real difference to their operations. Ultimately, the approaches being adopted will introduce increased elasticity addressing the two biggest on-going challenges of business today: risk mitigation and profitability. Almost every business function can be delivered from cloud-as-a-service, enabling departments to take control over their IT spending, rather than leaving it down to the specific IT division. For cloud businesses to stay ahead of the trend, they must offer flexible and catered business models, especially with mobile becoming an exciting area of growth as consumers become integrated into the wider offering. References available on request

Cloud Computing

How the cloud can help businesses meet new flexible working laws All employees in the UK will be given the right to request flexible working from June this year. David Sturges, chief commercial officer of WorkPlaceLive, looks at how the cloud can help businesses implement flexible working practices…

in Britain are about to see one of the W orkplaces biggest steps forward in working conditions for

decades. A new law, which comes into effect in June, will allow any worker with six months continuous service the right to request to work flexibly after 30th June 2014. Whilst this may be welcome news for employees, many businesses will be concerned how they can offer this, whilst ensuring business as usual. A white paper released last year by O2 cited that 79% of full-

Cloud computing can increase workforce productivity by up to 20%. Staff work two hours more per day if working on mobile devices time workers stated that flexible working patterns are “very” or “fairly” important to them; and just 18% feel they are attaining their desired level of flexibility. Another report by YouGov found that whilst one third (33%) of senior decision-makers say their business offers flexible working hours – 28% discourage it. However, the same report

www.vitalmagazine.co.uk | May-June 2014

Cloud Computing

indicates that half of the staff who are offered flexible working say it makes them more productive. Whilst there have been numerous reports over the years, regarding the growing popularity of flexible working, it’s only now many businesses are waking up to the realities of how they can make this work in practice, before the new law comes into force. The options that employees could ask for under the new law include part-time working, flexi-time and job sharing, compressed hours and working from home or remotely.

Cloud computing One solution companies could consider is cloud computing. The ability to offer remote working has been made possible over the last decade because of technological innovations such as cloud computing and the ubiquitous use of mobile devices, which has in part fuelled the trend for flexible working patterns. Workers no longer need to be office bound and with the right set-up can effectively work from anywhere in the world. A growing number of organisations are starting to embrace cloud computing to improve their IT usage, reduce administration time and enable their staff to work flexibly and remotely. One good option for charities is moving to a privately managed cloud computing service, such as a Desktop as a Service, (DaaS), often referred to as a Hosted Desktop Service. This involves an organisation’s IT infrastructure and data being outsourced a Hosted Desktop provider who will professionally manage it in a UK datacentre protected by corporate grade firewalls. They deliver the IT as a service to users over the Internet on a low monthly per user cost. All the latest software and security updates are provided, which reduces software and licensing costs and all data security backups are managed by the provider. There is no longer the need for servers in the office or for any IT administration – saving time and money.

Hosted Desktops Using Hosted Desktops employees can log on to their own desktops and their entire suite of software applications – from their CRM database, fundraising packages to their accounting packages, as well as their emails – from any location, using any Internet-ready device. Wherever employees go, their office goes with them, allowing them to work seamlessly and

www.vitalmagazine.co.uk | May-June 2014

One solution companies could consider is cloud computing. The ability to offer remote working has been made possible over the last decade because of technological innovations such as cloud computing and the ubiquitous use of mobile devices productively on the move. Apart from allowing businesses to implement flexible working there are other major benefits of Hosted Desktops, such as cost savings and increased productivity. Most people are surprised at the actual cost of provisioning IT – according to analysts, including Gartner, it costs around £1,500 to £2,000 per person every year to supply licences and to manage and support a fixed desktop. Implementing a Hosted Desktop strategy can reduce this cost to less than £1,000 per year, typically saving organisations between 30% to 50% from their IT budgets over a four year period (the lifetime of a typical server).

Productivity unaffected Many businesses worry that offering flexible working can mean that productivity is affected; however this is rarely the case. Cloud computing can increase workforce productivity by up to 20%, according to research from Pixmania, “Staff work two hours more per day if working on mobile devices”; and the YouGov research mentioned earlier indicated 50% of people felt being able to work flexibility actually increased their productivity. Hosted Desktops enable seamless remote working from any location, which ensures high productivity levels and can enable companies to reduce overheads, offer flexible working and keep their staff happy. As long as companies have procedures and systems in place to ensure productivity doesn’t decline – for most it could mean their employees become more productive and happier.

VitAL Management

Maintain productivity as the business grows According to Graham Twaddle, chief technology officer at Corporate Modelling, greater innovation can help resolve the mismatch between growth and productivity… news is filled with optimistic headlines regarding the U Keconomy and jobs at the moment. However, the truth

is that productivity is still falling behind. Labour productivity fell sharply during 2008-9 and is still almost 4% below its prerecession level. As a result, in terms of output per worker, UK productivity is still well behind the average in the G7 leading industrialised nations. The good news is that greater innovation can help to merge this disconnect between growth and productivity. New developments in workforce management software, for example, are already helping financial services firms to evaluate their business models and provide a much clearer view of how much outsourcing the administration of a particular book of business is likely to cost. By using workforce management technology to gather data from the back office, management can see precisely how long each financial product takes to administrate. This in turn, provides senior management in financial services companies with a bird’s-eye view of individual policy or product books.

Business intelligence Drilling down to this granular level of information allows these firms to make much more accurate evaluations on the cost to outsource policy administration, or to manage and compete internally with the outsource vendors. This invaluable business intelligence not only provides companies with a unique understanding of their policies and products, but can also help them recognise which products are most costly and which areas of the business are most efficient. As a result, firms are able to predict the future performance of their business much more accurately, especially compared to more traditional approaches. Of course, all companies are concerned about the issues that can arise when implementing new IT systems, and – even more importantly – the impact they might have on the business. However, enhanced workforce management tools can offer a number of significant benefits from day one, as they can help UK businesses to make better and more effective use of their time by allocating specific tasks to those with the relevant skills at the right time, regardless of their location.

Modern approach This modern approach can drive greater efficiency by showing managers exactly where time is being spent and which products or customers need particular attention. Managers in the back office can therefore obtain a clear view of their staff ’s workloads in order to keep track of day-to-day task progress. Workforce management systems can quickly reveal any over or under capacity issues across teams and give managers full

The old adage of “if you can’t monitor or quantify it, you can’t manage it effectively” has always proven true visibility of their team members’ utilisation so that they can move less busy team members around effectively to fill in any capacity gaps elsewhere. As a result of the real-time monitoring, tasks are completed more quickly and to a higher standard, employees are happier and more motivated, and workers are given the chance to focus and develop in the areas where they excel or need additional training. Better task allocation is just one area in which UK financial services companies can use technology to become more productive, however. The old adage of “if you can’t monitor or quantify it, you can’t manage it effectively” has always proven true.

Incredible insight Modern workforce management systems are also able to give incredible insight into the actual and expected volumes of work for the day week or month, what resources the business has, what skills are required and available, and the all-important service levels or goals. Business enhancements like these have never been more important, as Britain’s financial services sector is currently in competition with other global financial centres like never before. In fact, for the first time since the Global Financial Centres Index was published in 2007, New York has overtaken London as the world’s leading financial centre. With workforce management software, firms will be able to improve productivity and stay one-step ahead of the competition. Perhaps even more importantly, this modern approach will enable firms to spark and maintain the cultural change that is needed to secure a strong ROI right now, and to deliver sustainable growth over the long-term. www.vitalmagazine.co.uk | May-June 2014

V ITAL focus groups

Helping you overcome obstacles

2014 • One-day event • Over 100 decision makers • 12 thought-leading debate sessions • Peer-to-peer networking • Exhibition • Cutting-edge content For more information, please contact Nick Hayward on +44 (0) 203 668 6949 or email him at: nick.hayward@31media.co.uk Organised by: T H I R T YO N E

www.31media.co.uk Publishers of VitAL Magazine

www.vitalfocusgroups.com

VitAL Management

Challenging hardware maintenance traditions According to a recent study, insufficient scrutiny of ongoing maintenance contracts leads to around four in five businesses refreshing their networking infrastructure prematurely, adding to the waste and missing out on the opportunity to make significant capital and operational cost savings, says Tom Pappas, Network Hardware Resaleâ&#x20AC;Ś

Maintenance contracts, particularly those supplied directly by hardware manufacturers and vendors, should be rigorously scrutinised todayâ&#x20AC;&#x2122;s business environment, priority will often be I ngiven to finding ways of acquiring more customers and

and effort on reducing hardware contracts by one or two percentage points wherever possible.

increasing revenue.To ensure that the necessary resources are available to do so, however, means that organisations may have to cut costs across other areas.

A recent report however, published by Forrester Consulting on behalf of Network Hardware Resale, illustrates that, by focusing attention on technology refresh cycles and the maintenance contracts that accompany major hardware purchases, a business can enjoy significantly larger savings.

IT departments, as one of these areas in particular, can find themselves under constant pressure to reduce their operating budgets. And, with almost 40% of budgets being spent on IT infrastructure, there is a clear demand for more cost-effective solutions to be deployed. Infrastructure and operations (I&O) teams are therefore having to work closely with their procurement colleagues to make the necessary savings, spending a great deal of time

Following advice The report reveals that a large number of businesses do not pay enough attention to ongoing maintenance contracts, and have upgraded their networking infrastructure before it was necessary. As a result, they have missed out on the opportunity to make considerable capital and operational cost savings.

www.vitalmagazine.co.uk | May-June 2014

VitAL Management

To improve the value of an organisation’s current and future hardware, its I&O teams should take a practical view of what its existing infrastructure is capable of; what it’s required to deliver; and whether it’s able to manage this expectation

Most businesses are guided by the information on refresh cycles and maintenance contracts provided by vendors and manufacturers at the point of purchasing their network hardware, software and accompanying maintenance. As a result, it’s unlikely that they’ll give much consideration to extending the lifecycles of their hardware and thirdparty maintenance contracts, remaining largely unaware of any possible alternative solutions.

Despite this level of dissatisfaction though, very few companies will actually challenge the vendors, allowing them to continue making considerable profits from these contracts.That said, four-fifths of businesses claimed that they would consider the prospect of third-party maintenance contracts should they be available, although the majority appear to be unwilling to follow this course of action, perhaps due to a lack of awareness of the options available.

Four out of five companies (79%) will follow advice from vendor-sourced industry averages and subsequently refresh their wired networking infrastructure every three to five years, including the hardware that supports campus networks, data centre networks, routing and Wi-Fi, amongst others.

If these companies were to explore these options further however, and leverage maintenance contracts provided by third parties, they could soon see a reduction in their capital and operational outlay, while continuing to receive the support that their infrastructure requires.

In following these industry averages, many I&O professionals are led to believe that, within the three- to five-year refresh cycles as suggested by the vendor, their hardware has become old, lost its value and, in the worst case, has become subject to failure. However, most of the infrastructure being replaced as a result of these recommendations will maintain its market value far beyond the suggested three to five years, and will typically have more than 20 years mean time between failure cycles. Indeed, the equipment can actually be kept for longer without having a negative impact on the business, and without incurring the considerable operational expense and disruption of replacing it unnecessarily. Therefore it’s clear that the only parties who stand to gain anything from these accelerated refresh cycles are the vendors and manufacturers themselves.

Checking the small print The report goes on to reveal that a further 81% of companies bought their maintenance contracts directly from their equipment’s manufacturer, whether by default or purely for convenience. More than half, in fact, claimed to purchase a maintenance contract at the same time as purchasing the hardware to which it applied. According to the report, businesses tend to see little actual value in those contracts purchased directly, with the majority of companies expressing dissatisfaction in what they considered to be a combination of misrepresented cost savings, new fees and inflexible pricing models.

www.vitalmagazine.co.uk | May-June 2014

Letting daylight in on magic To improve the value of an organisation’s current and future hardware, its I&O teams should take a practical view of what its existing infrastructure is capable of; what it’s required to deliver; and whether it’s able to manage this expectation. By knowing this, they should have a better idea of what hardware is still working and what can be kept. Maintenance contracts, particularly those supplied directly by hardware manufacturers and vendors, should be rigorously scrutinised. Not only can they be costly, but they can often contain items already covered by the hardware’s basic warranty and, in some cases, can no longer provide maintenance and upgrades for the version of the hardware currently in use. In addition, lower prices can be secured on maintenance contracts. As the majority of businesses purchase their contracts from vendors at the same time as their hardware, I&O departments should work with their company’s procurement teams to put these contracts out for competitive tender with a number of different resellers and third parties. Technology network refresh cycles are traditionally dictated by vendors, and maintenance contracts generally come as part of any hardware purchase, but that doesn’t mean that these practices can’t and shouldn’t be challenged. Businesses will find that, by doing so, they will soon be able to shift costs in their own favour, and begin to realise significantly greater savings.

VitAL Management

The changing landscape of customer service Mark Forrest, general manager of Trimble FSM, discusses the growing link between customer satisfaction and business performance… service is widely recognised as being the C ustomer number one business priority with a proven link between customer satisfaction, retention and profitability. Indeed, Aberdeen Group recently reported that organisations that reached a 90% plus customer satisfaction rate achieved an annual 6.1% in service growth; 3.7% growth in overall revenue, and an 89% level of customer retention. With approximately 78% of UK GDP derived from the services sector, customer service is becoming increasingly recognised as a strategic issue and, according to the Institute of Customer Service, if organisations do not include it in the boardroom then some of those businesses won’t be around in the longer term.

The growing importance of customer service Tom Gorman, President of opXL, LLC and a field service expert, believes that the goal of field service excellence is to respond quickly to customer needs, whatever they may be and it takes four criteria to meet this goal: Be on time; allow enough time to do the job; have the right skills; and bring the right equipment. The most common customer complaint is when a technician does not resolve the issue first time.This may be due to not having the right part or tools, not having the right skills or not enough time to complete the job. Considering 25% of service calls require a

follow-up visit, the result of not achieving a first-time fix can be detrimental. Indeed, Aberdeen Group report that companies not meeting a 50% first-time fix rate, and requiring a return visit, reported revenues dropping by nearly 3%. As a result, more and more organisations are beginning to realise the value of “intelligent scheduling” – incorporating technician knowledge, parts availability, and capacity into their scheduling processes to ensure that the technician arriving on site is actually the person who can resolve the customer’s issue first time. Businesses can address the challenge of making better in-day decisions by utilising a work management self-learning tool. To avoid large data set-up exercises of skill sets and work areas, a self-learning tool supports the assignment of work orders to the field technicians by remembering who has the right skills and their usual work areas. The user also has the ability to enquire what has been learnt by the system and correct it. Aberdeen’s research found that the Best-in-Class (the top 20%) performers had mean success ratios of 92% for meeting response or project completion deadlines and 88% for firsttime fixes.

What matters most to customers? According to Jo Causon, chief executive of the Institute of Customer Service, there are five key areas that matter most to customers: 1. Well-trained and professional staff members who are genuinely empowered to do their jobs

The biggest change we have seen in customer service, is the move from a transactional economy to the relationship economy where value lies in one-to-one interactions and service leaders prevail in the marketplace 50

www.vitalmagazine.co.uk | May-June 2014

VitAL Management

Are the people that interact with customers professional and empathetic with emotional intelligence and business acumen?

This power shift has come about, partly due to technology and the rise of social media, but also because you and I, as customers, want to be much more engaged in the customer experience

2. How easy is it to do business with the organisation? Does the business make it easy for me to interact with them across all channels? 3. Product and service quality Does the product or service do what is expected?

4. Problem resolution How are any issues resolved? This is not just about the outcome, but also includes the way the process is managed. 5. And timeliness Care needs to be taken when managing customer expectations about the timescale in which products or services can be delivered. It is absolutely critical to match and manage customer expectations.

A personalised service The role of the field service operative has changed dramatically over recent years – shifting from one of operational necessity to strategic significance. Why this change? Because with the rise in use of automated booking systems, for example, and with the growing trend of machine to machine (M2M) capability, allowing applications to provide preventative and predictive analytics, the field technician’s visit to the customer may be the first and only exposure a customer has to the company’s brand and service delivery. Jo said, “The biggest change we have seen in customer service, is the move from a transactional economy to the relationship economy where value lies in one-to-one interactions and service leaders prevail in the marketplace. “A ‘personalised service for many’ and a dialogue approach, as

www.vitalmagazine.co.uk | May-June 2014

opposed to the traditional monologue, is now desired. This power shift has come about, partly due to technology and the rise of social media, but also because you and I, as customers, want to be much more engaged in the customer experience.

“Looking ahead, demand for staff who have desirable attitudes and attributes for customer service will increase. In particular, there will be a stronger focus on the importance of emotional intelligence as an enabler to deal with the wide variety of changing customer service relationships and interactions.”

Social media and the consumer How do you build relationships with so many, while personalising the interaction? This dialogue approach is a major management issue but one which can, in part, be addressed through the use of social media. Social media channels have given power to the consumer like never before. We now take to Twitter and Facebook to communicate with organisations about our customer experience, with many of us expecting rapid responses to our queries and complaints. It is therefore vital that organisations not only have a social media presence, but also have clear messaging via social channels and teams empowered to conduct social media interactions with customers in a rapid and flexible way.

Who owns the customer experience? According to the Institute of Customer Service, having somebody on the board that has overall responsibility for the customer experience is essential, and that somebody needs to be the CEO. The customer service strategy is integral to the business strategy, and the board needs to lead on this. References available on request

VitAL Management

The rise of the IT department The enterprise IT department has a bright future if it embraces the empowered employee, explains Jeff Fisher,VP Emerging Technologies, RES Software…

The benefit of implementing a full-service IT platform that resembles an enterprise app store comes to mind when you think of the words “IT W hat department”? Chances are “responsive” and “user friendly” are not at the top of your list. Probably closer to the mark are “slow,” “unresponsive,” and “the department of ‘no’”. And you wouldn’t be alone. According to a recent report by CEB, 61% of employees believe IT is ineffective at helping them be more productive. IT leaders may be left wondering why service levels and turnaround times that once seemed satisfactory

to the business just a few years ago have quickly evolved into being perceived as obstructive and unacceptable. Employees these days are more tech-savvy than at any other time in history, and these modern employees will actively avoid dealing with the very same department designed to help them and increase efficiency and productivity. My goal is not to deliver a slap on the wrist to IT departments, but rather to issue a rallying cry to IT leadership everywhere – it doesn’t have to be this way! On the contrary, with the technology available today, the traditional enterprise

www.vitalmagazine.co.uk | May-June 2014

VitAL Management

When you put the lion’s share of IT services in the hands of a new generation of techsavvy employees and automate the majority of the processes remaining, you’re left with a more productive worker and an IT department with better control IT department is poised to enter a golden age – as long as it’s not afraid to shake things up a little.

comprehensive platform for each and every employee to use as their go-to IT “hub.”

Information technology 2.0

Efficiency for everyone

To meet the demands of users, IT must rethink how they view infrastructure technology. It is no longer enough for software and tools to simply “get the job done.” IT instead needs to incorporate technology that supports the workflows of the enduser – the employee – and the processes of the business. It’s no longer an option to expect employees to accept the perceived inefficient, bureaucratic pace of traditional IT operations.

The benefit of implementing a full-service IT platform that resembles an enterprise app store, apart from the convenience of having a central hub to house all of IT’s processes and services, is that it creates the most effective interactions between employees and the IT department – so effective, in fact, that the employee doesn’t even notice that the interaction is happening at all.

By changing the way the average employee interacts with IT and making employees feel like a customer of IT rather than a nuisance, employees are able to spend less time pulling their hair out about how long it takes IT to deliver a new application, provide access to a new IT service, or change a password, and instead spend more time doing the actual work they’ve been hired to do. Let’s consider how this can be done.

When you put the lion’s share of IT services in the hands of a new generation of tech-savvy employees and automate the majority of the processes remaining, you’re left with a more productive worker and an IT department with better control over technological operations throughout the enterprise.

Self-service technologies for the business can deliver IT services just as fast as consumer app stores. These IT stores house the company’s very own catalogue of IT services and applications, including popular SaaS services like Salesforce. com and Microsoft Office 365. Employees are able to download and access these services and applications through an interface that resembles that of the Apple App Store or Google Play.

IT spending less time on processes that have been automated – and believe me, a reduction in service tickets is a significant prospect for any company in today’s marketplace – will leave more time for them to spend on forward-looking IT initiatives; moving from a reactive to a proactive mindset, focusing on improving the business’ IT infrastructure for the benefit of the user, and propelling the company forward.

However, while self-servicing is an important first step in bridging the gap between the IT department and the employee through a familiar and consumer-like user interface, it is only the beginning in creating the next generation of IT. By taking the intuitive interface of an “app store” underpinned by an automation and security platform, businesses can automate onboarding and offboarding; give employees selfservice data access; and slash the number of service desk tickets and turnaround times. IT can also personalise which services users are qualified to access, and adapt services in real-time based on devices, location and other factors that change the user experience. With this approach, the IT department is creating a single, www.vitalmagazine.co.uk | May-June 2014

Forward-thinking IT leaders

By taking a page from the user-experience books of major consumer-facing companies such as Apple and Google, and meshing that with the needs and necessary compliance the IT department must sustain, a CIO can reduce inefficiencies; increase security; and ultimately deliver an experience for both the end-users and the IT staff that enables them to dedicate more time for value-add projects that contribute to the business’ bottom line. When CIOs begin to view their employees as “customers” of the enterprise’s IT infrastructure, delivering applications and services quickly, automatically and in a predictable way – all propped up on a secure, robust platform – the IT department has every opportunity to turn its antiquated reputation on its head.

VitAL Processes

Humans vs. Machines? Organisations are now forced into a delicate balancing act in juggling the management of technology with the needs/interests of employees. Both are essential for the smooth running of an organisation, but where should priorities lie? Asks Keith Tilley, EVP of EMEA and APAC, Sungard Availability Services... year I read about a particularly strange case of L astcorporate sabotage – a disgruntled worker at Frost

and Sullivan was finally caught after a three-year period of repeatedly squirting Cillit Bang cleaning fluid into the company’s IT system. The employee in question caused over £32,000 worth of damage, as well as untold levels of disruption to the business. In the end, it emerged the motive was as simple as being passed over for a pay rise. I found the above case to be fascinating and a vivid illustration of one of the business world’s most modern issues – the delicate act of juggling both the management of technology with the needs, interests and welfare of employees. Both play an essential role in ensuring the smooth running of an organisation, but understanding when to prioritise one over the other often leads to difficulty. From an organisational standpoint, it’s become very clear that businesses are more reliant on technology than ever before. And thanks to the increase in customer demand for a 24/7 level of service this is unlikely to change. Technology is key in ensuring that your enterprise remains available to everyone from customers and stakeholders through to employees. It’s important, however, to ensure that workers do not feel displaced by this growing dependency on technology – after all, a business without its staff is nothing more than an empty office. Any management strategy needs to take a holistic view, where the integration of technology is done within the context of its impact on the workforce.

Collaboration = office harmony The IT department holds the key. Previously considered as a necessary evil within the organisation, IT can now be wielded as a weapon for growth. Our recent research found that a massive 97% of business decision makers believed that closer alignment between business departments and IT would yield a competitive advantage. This could be in improving operational efficiency, saving cash or even opening up new revenue streams. Close collaboration with the CIO is vital to ensure that the business’ IT infrastructure is able to get the best out of its employees. The first step is ensuring that the IT department is not held in isolation, but is considered as an extension of each individual department (whether that is finance, HR or marketing). Technology is not valuable in itself (as an employee is), but is

Technology is not valuable in itself (as an employee is), but is merely a means to a business outcome and, as such, the IT department’s performance should be measured alongside the business as a whole merely a means to a business outcome and, as such, the IT department’s performance should be measured alongside the business as a whole. Have they managed to increase the efficiency, agility or cost effectiveness of the entire organisation? The question is no longer one of “balancing” technology and employees, but is about recognising that close collaboration between the two can make the business more than the sum of its parts.

Change comes from within Interestingly, these leaps in the capability of IT are not being driven by the CIO, but are coming from the end-user. The consumerisation of IT (most significantly in the rise of the smartphone and home computer) has allowed employees greater influence over working practices. Employees are shaping business technology, which in turn is changing corporate culture. The increasing popularity of the “bring-your-own-device” policies are testament to this: the idea of employees plugging personal devices into the system and taking mission critical data outside the office runs against every belief the CIO holds. The practice, however, is becoming commonplace in the enterprise, and is perfect example of CIOs collaborating with employees in order to help them work as effectively as possible. As Isaac Asimov, American author and professor of biochemistry, famously said, “I do not fear computers. I fear the lack of them.” What was true then carries even more weight now, as we become more dependent on technology and IT, in both our business and personal lives. This obviously brings with it potential benefits such as all-time availability, truly mobile operations and new ways of working, but also a significant shift and period of transition, to which we will all need to adapt.

www.vitalmagazine.co.uk | May-June 2014

Problem and Incident Management KT Plugin

KT Clear thinking built into

Kepner足Tregoe.com

VitAL Processes

Avoid the BYOD headache As the BYOD take-up continues to accelerate, unprepared companies may put their IT under ever more strain. Anand Sukumaran, Vice President â&#x20AC;&#x201C; Managed Services, at ITC Infotech, explores how preparation and solutions like CYOD can keep things running smoothlyâ&#x20AC;Ś

38% of companies plan to stop providing their workforce with devices at all by 2016, essentially making BYOD mandatory working continues to be a focal point of F lexible business IT strategy, and, as a result, Bring Your Own

stop providing their workforce with devices at all by 2016, essentially making BYOD mandatory.

Device (BYOD) has progressed from a leading-edge tactic to a basic provision in many workplaces. In fact, a global survey of CIOs by leading independent analyst, Gartner last year found that as many as 38% of companies plan to

Many companies are now feeling increasingly pressured to deploy remote and flexible working approaches to stay competitive, enabled by the increasingly easy access

www.vitalmagazine.co.uk | May-June 2014

VitAL Processes

to vir tualisation solutions. Other developments, such as changing legislature to make it easier for UK workers to request flexible working, have also added to the way workplace dynamics are shifting. In this environment, it’s easy to see why BYOD has become so popular. Providing IT equipment for staff has always been a costly process, and mobile phones, tablets and laptops, in particular, can cost many hundreds of pounds per year for each employee. Reaping the benefits of flexible working, while avoiding the overheads, seems like an ideal solution, but companies that rush into BYOD unprepared will be left at risk to serious issues that could lead to a much higher cost further on.

Managing data

BYOD or CYOD?

A less hyped, but increasingly popular alternative to BYOD is Choose Your Own Device (CYOD). This hybrid approach means that a company CYOD brings will offer a choice between a selection of even greater levels of devices for remote and flexible working, with worker then being free to utilise it for employee satisfaction the personal use as well.

than BYOD, as the employee is given access to a potentially top of the range new device for free

The most visible concern around BYOD is the security risk that comes with a work device being lost or stolen. A Freedom of Information Act request from security software vendor, McAfee recently discovered that 15,000 mobile phones were reported lost on the London Underground in 2013 alone, only around 2,000 of which were eventually returned. Larger devices also proved to be at risk, with 506 tablets and a further 528 laptops also lost.

With more workers taking up BYOD, an increasingly large percentage of those devices are likely to contain vital business information along with the usual private concern of photos and texts. With this in mind, companies must find the most effective way to clearly demarcate corporate and personal data. Enterprises are today implementing solutions that can keep corporate data secure. For providing such services on desktops, Virtual Desktop Infrastructures (VDIs) with offline capability clearly keeps both corporate and personal data separate. This also helps in ensuring compliance, and in addressing policies and legal matters.

Balancing work and leisure Alongside security, another potential headache for IT teams is managing the balance between personal and business functions on a BYOD device. One of the most effective solutions is to create a secure partition between the two halves. This means users don’t have to worry that their personal data is being accessed or monitored, and businesses gain further security assurance as work data cannot be saved or copied across the rest of the device. Blackberry was the first to implement a secure workspace for mobiles, followed by other phone providers. Secure partitions can also help to address some of the issues around wiping a device. The divide means that the work side can be safely erased while leaving the personal

www.vitalmagazine.co.uk | May-June 2014

data untouched, which is particularly useful when a user is going to be leaving the company. Regardless, many firms will still completely wipe a phone and delete personal data. Aside from damaging the professional relationship with the employee, it also opens up the potential for legal action, especially if it was not properly outlined in the BYOD policy.

CYOD does mean that a company must still foot the bill for the device overhead and support, but it also gives them full control of the ownership, and any SIMs and contracts for mobile devices, simplifying issues around privacy and security. It also sidesteps issues of implementation and suitability, such as conflicting operating systems or older devices. Additionally, CYOD brings even greater levels of employee satisfaction than BYOD, as the employee is given access to a potentially top of the range new device for free.

Planning and preparation Outside of any particular strategy or toolkit, the best approach a company can take for BYOD is to be well prepared. All firms should revisit their policies to make sure they are fit-for-purpose and account for new developments. Even early adopters who have been utilising BYOD for years are no exception here, as changing technology and legislature may have moved beyond their framework. IT departments must make sure all employees making use of BYOD are fully aware of the company policy, especially when it comes to a data wiping procedure and safeguarding private and work data. CYOD can help here, as there is less of a grey area when the company has full ownership. We also still see many users who create unofficial BYOD machines by adding email or remote desktop access themselves. It’s very important for all access to go through the company’s IT department so that it can be activated properly and authorised in line with policy. Far from enjoying flexibility and lower costs, companies that rush into BYOD without considering the risks and options will find themselves facing a serious challenge and leaving their IT with a major headache as they constantly fight fires. Just as with any other (more) tangible IT investment, proper preparation and planning is the key to a successful BYOD policy.

VitAL Processes

Get your financial figures right With financial results in from the first quarter, Neil Kinson,Vice President EMEA, Redwood Software, discusses why organisations must trust their numbers and how to ensure that trust with process automation…

Just using more people to complete the close creates a false sense of security. All of these additional human resources actually increase the risk from one of the biggest dangers that can hide in the whole process – human error complete the close creates a false sense of security. All of these additional human resources actually increase the risk from one of the biggest dangers that can hide in the whole process – human error.

Take action

quarter of the year is just behind us and the news T hehasfirst been littered with businesses releasing key results.

Apple announced it is again among the richest companies in the world, generating $45.6 billion in revenue in just three months, while Shell revealed it will boost dividends after beating first quarter estimates. It’s fantastic to publicise such great results. However, organisations have to be 100% confident these results are accurate – there is no room for error, especially in the media spotlight. Businesses that succeed are those that close on time and within budget, proving their strength and growth with an accurate account of their achievements.

No room for error Leading companies report their strength in many ways – with revenue growth, profit figures and high sales numbers. Getting all the right information together, however, can be a serious challenge – especially for big, complex organisations. Large numbers of manual journal entries take time to prepare and review. Balance sheet reconciliations demand many hours of staff time to review and revisit. Little time may be left for root cause analysis. With communication breakdowns, system problems and the receipt of incomplete data possible at any step in the close process, the accounting team often struggles to pull together all the right financial information quickly. Many organisations dedicate extra resources to the close to ensure they overcome these challenges and that figures are accurately reported on time. But just using more people to

According to a report by the American Productivity and Quality Center (APQC), to improve the financial close companies should, among other things, “use automation to boost process effectiveness.” But most still rely heavily on manual labour to close – even if they think they don’t. Socalled “automated closes” often only involve a proliferation of dashboards and graphs. Sure, this kind of visibility is a great start to gaining more control over the close, but simply having more “to do” lists doesn’t really help the close process itself. That requires action. Today there is too much information and not enough action in the financial close. Too much time and too many resources are dedicated to watching reports on processes and manually responding. Instead of just watching, why not change the way these reports are actually completed? True process automation isn’t just a planning chart or a status list. With process automation, organisations can build the logical steps that execute processes in the close with automated precision. Once the right processes are automated correctly, they occur exactly the same way every time. For the financial close, this kind of active consistency is essential. Intelligent automation ensures that all data sources are trustworthy and that nothing passes to the next step of the process until it is thoroughly reconciled. It removes human error and latency while it automatically validates data. You can even automate processes according to real business logic and take appropriate corrective action quickly if an error occurs – without the need for human intervention. With staff freed from firefighting problems they can manage by exception and refocus on analysis. Automation is the answer to a fast, efficient and accurate close. Reputation, brand loyalty and business growth are all at stake with these numbers. One error is one too many. It’s time organisations fully automate the close to get the high quality results required.

www.vitalmagazine.co.uk | May-June 2014

IT Asset Management

Tackle the 2014 IT license price rises Martin Prendergast, CEO of Concorde Solutions, warns organisations to beware of the cloud when it comes to licensing, and encourages negotiation…

for Windows XP finally came to a halt in April, and S upport many companies still using the operating system faced an inevitable realisation when upgrading: prices for IT assets have risen, a lot.

Cloud computing, hosted software, services and infrastructure, as well as mobile working have also exacerbated the potential problems caused by these often complicated pricing structures.

Sadly, not many businesses know how and why they should negotiate with vendors. Now is of course a good time to do so, as the end of the fiscal year rapidly approaches and IT budgets will be under pinpoint scrutiny

Martin Prendergast, CEO of Concorde Solutions, said, “Microsoft itself is one-step ahead of the curve, and replaced its three-year-old software licensing pricing structure with Server and Cloud Enrolment this January, encompassing the Windows Server and System Center.

1. Know the exact size and make-up of your software estate You can start your negotiations from a position of confidence if you’re making good use of your business intelligence.

Microsoft warned last year that 2014 and 2015 will see significant price rises, but while this can be a worry, there are some very simple ways to start to win the battle against it.

“It’s my firm belief that other major and independent software providers will follow suit, and for many businesses it’s a complex issue that has to be monitored on an almost daily basis, because the cloud is so fluid in nature. It’s too easy to get caught out with either huge fines or large unnecessary over-payment on software that you don’t use.” “Price increases are never going to be an easy or popular thing to communicate; SAP experienced this back in 2008, when it declared it would move all its customers to its Enterprise Support package – a far costlier option. Its customers reacted angrily and various global SAP user groups complained long and loud, resulting in SAP relenting and allowing Standard and Premium support packages to remain. “Sadly, not many businesses know how and why they should negotiate with vendors. Now is of course a good time to do so, as the end of the fiscal year rapidly approaches and IT budgets will be under pinpoint scrutiny. So trying to find cost savings is more important than ever. “Though negotiation appears daunting at first, there are some easy and perhaps even common sense steps that you can take to ensure you’re paying for the right amount of software licences that your business actually uses. Here follows my top tips.”

2. U nderstand what’s happening with mobile devices in your business This can have a huge impact on your licensing position and can expose you to compliance risk, because BYOD is still a fledgling practice. 3. Check the small print on your vendor contracts Remember, software maintenance clauses are not compulsory or always necessary; they make a lot of money for vendors and you may easily be able to live without them. 4. D on’t accept assumptions from vendors about your usage You may be using less, not more, and automatic “true-up” clauses in contracts may be bleeding your budget. 5. I f you’re making changes to your software estate, make use of scenario modeling Get a clear picture of the impact of licensing, and communicate this to your vendor; you may need to spend less than you think.

www.vitalmagazine.co.uk | May-June 2014

V ITAL INSPIRATION FOR THE MODERN BUSINESS

Subscribe for FREE! News, views, strategy, management, case studies and opinion pieces

www.vitalmagazine.co.uk/subscribe

INSPIRATION FOR THE MODERN BUSINESS

V ITAL V ITAL

An “augmented” future for wearable computing

Palm payments

VitAL Interview Investigating the security pressures felt by IT teams

VitAL Management Managing sustained innovation for a smarter planet

Looking back on 2013

cover_with spine_march_2014.indd 1

T H I R T YO N E

www.31media.co.uk

2014

VitAL’s 2014 Predictions:

INSIDE

VOLUME 8 | ISSUE 3 | MAY-JUNE

Are online IT training courses the answer?

VOLUME 8 | ISSUE 2 | MARCH-APRIL 2014

VOLUME 7 | ISSUE 6 | NOVEMBER - DECEMBER 2013

INSIDE

Changing the perception of IT

Customers will soon need a hand with their shopping

Can you envisage all the possibilities?

Published by

INSPIRA TION FOR THE MODER N BUSINE SS

INSPIRATION FOR THE MODERN BUSINESS

VitAL Report

VOLUM E 8 | ISSUE 3 | May - June 2014

MODERN BUSINESS

V ITAL

VOLUME 8 | ISSUE 2 | March - Apr il 2014

VitAL: INSPIRATION FOR THE

VitAL: INSPIRATION FOR THE MODERN BUSINESS

VOLUME 7 | ISSUE 6 | November-December 2013

The lack of women in IT is a real threat to the UK economy

INSIDE VitAL News Feature

Major software glitch at the heart

of the Internet

IT Service Management

What does the future hold for

ITIL?

20/03/2014 11:51

IT Asset Management

100% accurate ITAM data Software, inarguably, represents a key asset and investment for any organisation today. But by not embracing active efforts to systematically and strategically manage these critical investments, too many companies fail to treat these assets with care commensurate with their value, says John Lunt, Certero’s managing director…

nventory is moving from the traditional IT asset

where it was previously regarded as a I management commodity, but today it is essential for successful software

asset management. At its most basic level, any IT/SAM initiative must answer the question of “Who owns what?” Far too often, software and hardware inventory data – if it exists at all – is scattered throughout a company in varying formats; lacks formal ownership or oversight; and is fraught with error. Of course it is hard to build an SAM programme or strategy if the data you are basing your decisions on is either not there or not reliable; most of the traditional software inventory tools are strong in some areas, and weak in others. Many of the tools on the market today have been designed only to manage your ITAM requirements, and whilst they may provide some of the information, in general, they do not, out-of-the-box, provide enough information for you to manage your software.

Automated inventory The SAM industry is evolving with changing technology, and it is no longer good enough to simply reply on traditional “average” tool-sets to do the job. Organisations are finding that they can be more successful and prepared in their SAM efforts by investing in technology that automates the software and hardware inventory process, thereby reducing the excessive overheads associated with manual inventories and virtually eliminating error. Furthermore, effective tools automatically reconcile an organisation’s inventory data with purchasing information and pinpoint the location of any unlicensed software – a key benefit for any organisation concerned with compliance. Perhaps most importantly, these inventories can be easily run on a regular basis, which means that inventory data is always up to-date and accurate. But, do you have the resources in place to carry out a regular inventory? How often do you check the accuracy of the database? The next generation of discovery tools must be able to deal with the different methods of application delivery and adapt to the fast changing environments. Modern tools must therefore be able to cope with pretty much everything you throw at them, and be developing and improving to cope with the demands of tomorrow. Regardless of what toolset you use today or plan to use tomorrow, above all you must have 100% confidence in the data that it is providing you with. It must cover your entire estate – PCs, MACs, Linux, Servers. Ask yourself if your existing solution is able to manage all of your applications whether this is Microsoft’s Office 365 or your Oracle estate, because if it doesn’t, no matter what licence management tools you use to calculate your entitlement, if the underlying data is wrong your calculations will be wrong!

Regardless of what toolset you use today or plan to use tomorrow, above all you must have 100% confidence in the data that it is providing you with New methods of application delivery It should not matter if an application is in the cloud, servicing a remote worker or delivered form a virtual environment. In a cloud environment, how are you going to monitor your use of software technology to ensure you are only paying for what you need, and that you have the correct licence agreements in place to allow you to use your software assets in this manner? Add to this other trends with application streaming (SaaS) and BYOD, or slightly more traditional technologies like Virtualisation or Citrix. Your IT environments are changing faster than ever whether this is through growth or shrinkage – new applications, smaller IT resources, faster ROI are all significant factors driving this change and today’s SAM technology is built for this purpose.

Top tips for improving ITAM outcomes Today: Ensure your organisation has a centralised database containing information about your hardware and software assets across your entire organisation. Next week: This information needs to be validated and checked regularly. Are these processes in place? Six months: An on-going and continued self-assessment will ensure that the data is kept accurate and up to date. Today’s SAM tools can automatically reconcile licensing information. But the processes need to be in place to ensure this is done regularly to keep accurate.

www.vitalmagazine.co.uk | May-June 2014

Service Management excellence in The Cloud Compelling cost model Full system management, high availability and support all included No infrastructure or maintenance overheads

Any device, any location Accessible via your favourite device Contemporary Web 2.0 responsive user interface Available wherever there’s an internet connection

Gamify your Service Desk Compete in gamification challenges and improve team performance Gain experience and “Level Up” Show off your support prowess with badges and rewards

Wallboards, Dashboards and Wizards Service Desk Institute approved reporting suite for key performance management View trends and compare progress over time Improve decision making and efficiency

Service and Process Management beyond the IT department Think, create and extend beyond the IT Service Desk Automate and manage business processes and tasks across the organisation No need to be a coder to personalise and extend your solution

Telephone: Email:

020 8391 9000 welcome@sunrisesoftware.co.uk

www.sunrisesoftware.co.uk/5aday

Breakthrough Technology

“Intelligent” pedestrian crossings Sophie-Marie Odum investigates TfL’s plans to launch “intelligent” pedestrian technology, which it hopes will make crossing the road easier and safer…

This really is a fantastic example of how London is leading the way by using 21st Century technology to help make it easier for people to get around our great city introduction of Pedestrian Split Cycle Offset T heOptimisation Technique AKA “Pedestrian SCOOT”

is the world’s first crossing sensor. It uses state-of-the-art video camera technology to automatically detect how many pedestrians are waiting at crossings. The Mayor of London, Boris Johnson, and Transport for London (TfL) have outlined plans for trialling new pedestrian crossing sensors to help make it easier and safer for people to cross the road throughout the capital.

Safer crossings SCOOT enables the adjustment of traffic signal timings automatically to extend the green pedestrian invitation to cross phase when large numbers of people are waiting, allowing more people to cross the road. In addition, TfL is developing a “call cancel” technology, which can detect when a pedestrian who has pushed the crossing button has either crossed before the signal goes green or walks away, and therefore cancels the pedestrian crossing phase. This latest initiative follows on from TfL’s successful development of Pedestrian Countdown technology, which tells pedestrians how long they still have left to cross the road once the green pedestrian phase has gone out. The forthcoming trials are also an early example of how TfL will use innovation to change the management of London’s road network to better reflect the character of the local area. Subject to the outcome of the trials, TfL is hopeful that it can

further develop the technology to use at other high footfall areas such as outside sporting venues or along busy high streets.

London is leading the way Boris Johnson, said, “I am delighted that London is the first city in the world to be trialling this cutting-edge equipment, which will benefit pedestrians across the city. “This really is a fantastic example of how London is leading the way by using 21st Century technology to help make it easier for people to get around our great city.” Leon Daniels, managing director of Surface Transport, added, “These new trials of pedestrian detection technology will allow our traffic signals to become even more intelligent, bringing huge benefits to those waiting to cross the road where there is heavy pedestrian demand.” The first trials of pedestrian SCOOT will take place on crossings outside Balham and Tooting Bec Underground stations this summer to allow TfL to fully test the pedestrian sensors, and how they interact with the existing vehicle SCOOT system. This news comes alongside the completion of the first phase of the Pedestrian Countdown programme, and the publication of “Safe London Streets - Our Six Road Safety Commitments”, a new document which states how TfL, the boroughs and its partners, will meet London’s target of reducing the number of people killed and seriously injured on London’s streets by 40% by 2020.

www.vitalmagazine.co.uk | May-June 2014