VOLUME 8 | ISSUE 6 | November - December 2014
Smart glasses help the blind “see”
INSIDE
Looking ahead: 2015
Tight IT budgets to drive efficiency demands in 2015
News feature
Preparing for new EU data protection regulations
Contents

NEWS
Poor password habits costing UK businesses £130K
UK public fears the advance of internet-enabled devices
Largest ever study of European data privacy breaches
Are firms not taking business process resilience seriously enough?

LOOKING AHEAD: 2015
Tight IT budgets to drive efficiency demands in 2015

NEWS FEATURE
Preparing for new EU data protection regulations

VitAL SECURITY
Finding a needle in an empty room
Dr David Chismon details how and why large enterprises should be using honeypots as a means to detect and monitor any attempts at illegitimate access to sensitive data. He also includes some helpful tips for making honeypot projects successful...

Wearables: The next frontier of security risks?
Following the big hullabaloo last month when a researcher released his findings that Google Glass was a security risk, Charles Sweeney looks at whether or not wearables are the next frontier of security vulnerabilities...

COVER STORY
The role of technology in transforming the lives of people with sight loss
During a recent demonstration event held at The Ivy, in London, VitAL Magazine had a great opportunity to try out revolutionary new smart glasses, which help blind and partially-sighted people to “see”. Sophie-Marie Odum reports...

www.vitalmagazine.co.uk | November-December 2014
Contents

VITAL PROCESSES
Is outsourcing software testing still a risky business?
Outsourcing software testing is becoming standard practice, but many projects still fail to meet their objectives. Babuji Abraham explores best practice in ensuring projects succeed...

How to thrive in the “Age of the Customer”
With the rise of the Internet, businesses must work to encourage loyalty from their customers as we enter the “Age of the Customer”. Neil Chapman explains how businesses can adapt to these new circumstances and use them to their advantage...

VIRTUALISATION
Easing network woes in a cloudy world of change and complexity
The piecemeal transition to a wholly virtual environment is causing IT departments endless security and compliance headaches, but a new breed of software known as security policy orchestration can quell the pain, argues Reuven Harrison...

VitAL MANAGEMENT
The Internet of Things: The impact on enterprise networks
Research commissioned by Infoblox found that more than half of IT networks are already at capacity, leaving no room for the explosion of devices and data that the Internet of Things (IoT) will bring. Cricket Liu explores the survey’s findings and their implications...

Does your website meet the legal requirements?
Whilst technology has allowed even the smallest business to enhance the appearance and functionality of their website, the need to comply with the legal requirements set out under UK and EU law appears to have passed many by. Nichola Jenkins discusses this growing area of concern with VitAL Magazine...

BREAKTHROUGH TECHNOLOGY
3D-printed rocket is out of this world
VitAL Magazine reports on a new project by a British team whose mission is to launch the first ever, 3D-printed rocket into space...
EDITOR
Sophie-Marie Odum
sophie.odum@31media.co.uk
Tel: +44 (0)203 056 4599

ADVERTISING
Advertising Executive
Sarah Walsh
sarah.walsh@31media.co.uk
Tel: +44(0)203 668 6945

DESIGN & PRODUCTION
Tina Harris
tina.harris@31media.co.uk

EDITORIAL & ADVERTISING ENQUIRIES
31 Media Ltd
41-42 Daisy Business Park, 19-35 Sylvan Grove, London, SE15 1PD
Tel: +44 (0) 870 863 6930
Email: info@31media.co.uk
Web: www.vitalmagazine.co.uk

© 2014, 31 Media Limited. All rights reserved. VitAL Magazine is edited, designed, and published by 31 Media Limited. No part of VitAL Magazine may be reproduced, transmitted, stored electronically, distributed, or copied, in whole or part without the prior written consent of the publisher. A reprint service is available. Opinions expressed in this journal do not necessarily reflect those of the editor or VitAL Magazine or its publisher, 31 Media Limited. ISSN 1755-6465

VitAL Magazine, proud to be the UKCMG’s Official publication.

ITIL ® is a Registered Trademark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the US Patent and Trade Mark Office. PRINCE2 ® is the Registered Trade Mark of the Office of Government Commerce. MSP ® is the Registered Trade Mark of the Office of Government Commerce.

Leader

Could new technologies revolutionise the UK’s transport system?

Hello, and welcome to the November 2014 issue of VitAL Magazine. Whether you are a driver or a user of public transport, you may be happy to learn that local authorities could soon make use of new technologies – such as big data analytics and cloud computing – for many things from locating potholes to monitoring air quality. A guide, launched by the Institution of Engineering and Technology (IET) and Intelligent Transport Systems (ITS), sets out some of the advantages new technologies can bring in solving existing and future transport problems. Examples range from smartphone apps to determine road and cycle path conditions, to Bluetooth systems that allow transport operators and planners to analyse journeys across multiple transport modes in near real-time. It also discusses some of the important issues when implementing these new solutions, including open standards, security and privacy issues.

Alison Carr, director of Governance and Policy at the Institution of Engineering and Technology, explained, “Recent advances in transport technologies offer excellent opportunities for local authorities to deliver transport services more effectively and efficiently – but there are a number of barriers to overcome, from lack of awareness of what is possible to the need for new, more flexible procurement.

“This guide aims to open local authorities’ eyes to the new world of possibilities out there when it comes to developing their transport systems – and to the opportunities new technologies present to reduce costs.”

As a new year dawns, we look forward to which technology trends will make headway in 2015. As items around the home become increasingly “smart”, it’s positive news that the UK transport system will embrace revolutionary new technologies, which could improve its services for all. Wishing you all the best for 2015!

Sophie-Marie Odum
Editor
News

Poor password habits costing UK businesses £130K

Poor password habits are putting employers at risk and costing them hundreds of thousands of pounds in lost productivity, according to new research. According to Centrify Corporation’s survey of 1,000 UK workers, the average employee wastes £261 a year in company time on trying to manage multiple passwords, which, for a company with 500 staff, is a loss of more than £130,000 a year.

Barry Scott, EMEA chief technology officer for Centrify, said, “According to our survey, over a quarter of us now enter a password online more than 10 times a day, which could mean 3,500 to 4,000 times a year. This is becoming a real challenge for employers who need to manage security and privacy concerns, and for employees who are costing their companies time and money.”

Yet while around half (47%) use their personal mobile devices for business purposes, one in three (34%) admit they do not actually use passwords on these devices even though they keep office email, confidential documents, customer contact information and budget information on them. In addition, more than one in three (38%) have accounts they cannot get into any more because they cannot remember the password; 28% get locked out at least once a month due to multiple incorrect password entries; and one in five change their passwords at least once a month, while 8% change them every week.

Most have little faith in password security – just 15% believe their passwords are “very secure”. The problem with password management will only get worse, with 14% believing they will have over 100 passwords to deal with in the next five years.
Plans to transform delivery of public services

Britain’s tech industry has today launched a three-point plan to transform the delivery of public services, responding to public and political concerns about the use of digital technology in government. The plan, put together by techUK, the industry trade body, and its members, comprising both large and small tech suppliers, is designed to bring more industry expertise and knowledge into government, making it a more demanding customer. It also sets out how the industry will work with government to help ministers and officials experiment and innovate more successfully with technology.

The plan directly addresses issues with the way the Government and tech industry work together as outlined in the Office of Fair Trading (OFT)’s report into public sector technology, and in an independent investigation of civil service attitudes, which showed officials wanted better value through a better relationship. techUK members believe the plan can help bring the best of digital technology into government, delivering better public services at greater value to citizens.

The plan has three points:
1. Better engagement, to support civil servants earlier in the process and help develop policy with technical expertise
2. Better information, providing standardised, transparent reporting
3. More innovation, giving civil servants the opportunity to experiment and explore solutions in a risk-free environment.

Julian David, chief executive of techUK, said, “This is all about bringing the full power and potential of digital technology into the public sector and improving the lives of ordinary people. As an industry, we recognise that we can do better, and we want to help.

“This plan is designed to do that by improving the way we work with government, flooding it with expertise and knowledge about digital technology and how the tech industry works. It will make government a more demanding customer, and give them the ability to test new ideas and innovations safely without the fear of failure.

“Now we want to move forward positively with government and make this plan a reality. The prize is better public services, and a public sector that is able to make crucial savings in an age of austerity. Everyone benefits.”
News

Growing urgency for organisations to embrace big data analytics

A new global study, Industrial Internet Insights for 2015, from GE and Accenture reveals there is a growing urgency for organisations to embrace big data analytics to advance their Industrial Internet strategy. However, less than one third (29%) of the 250 executives surveyed are using big data across their company for predictive analytics or to optimise their business.

But progress is underway. The majority of the companies (65%) use big data analytics to monitor their equipment and assets to identify operating issues and enable proactive maintenance. 62% have implemented network technology to help gather vast amounts of data in dispersed environments such as remote wind farms or along oil pipelines.

“Few technology areas will have greater potential to improve the financial performance and position of a commercial global enterprise than predictive analytics,” according to Kristian Steenstrup and Stephen Prentice, Gartner.

Two thirds (66%) of the executives surveyed across eight industrial sectors believe they could lose their market position in the next one to three years if they do not adopt big data, which the report suggests is needed to support their Industrial Internet strategy. Additionally, with 93% already seeing new market entrants using big data to differentiate themselves, 88% of the executives stated that big data analytics is a top priority for their company.

Nearly half (49%) of the companies represented in the study said they plan to create new business opportunities that could generate additional revenue streams with their big data strategy, while 60% expect to increase their profitability by using the information to improve their resource management.

“The Industrial Internet, fueled by machine-to-machine data inputs, has the potential to drive trillions of dollars in new services and overall growth. But to reap those rewards, industrial companies will need to use insights about their customers and their customers’ use of industrial goods to build new offerings, reduce costs and reinvest their savings,” said Matt Reilly, senior managing director, Accenture Strategy. “To get there, many must work through a multitude of issues to use their machine data for more advanced forms of predictive data analytics, including sourcing the right analytics talent to ensure effective execution and scaling of analytics programs.”

UK public fears the advance of internet-enabled devices

UK consumers fear that technology is overtaking their lives, with many increasingly concerned about the pace of change they face, according to the latest KPMG survey. Results also highlight discomfort with the greater surveillance of everyday life and a cynicism about the need for connected devices. KPMG surveyed over 1,600 consumers across the UK to identify attitudes towards the Internet of Things, and aimed to gauge their views around intrusiveness, security and the value of connected devices.

More than half (58%) resent the idea that computers seem to run their lives “wherever I go”, and 70% suggest that with the marketplace flooded by inter-connected devices, it’s “too easy for things to go wrong”. The survey goes on to reveal that UK consumers are hankering after a return to “simple” technology. Many, for example, want their phone only to make calls (54%), and the majority think that more advanced internet-based products, such as smart fridges that self-order food or cookers that remind owners about recipes, are not necessary.

Asked why they are cynical about the advance of the Internet of Things, respondents questioned how it’s possible to keep personal information private, with 56% of those polled concerned about a “Big Brother” effect occurring as a result of these products, and the pace at which they are being produced and implemented. In a work environment, more than one third (36%) suggested employers are monitoring their every action.

Mark Thompson, a senior manager in KPMG’s Cyber Security practice, said, “Security and privacy are high on the list of worries for the consumer with 62% believing that there is insufficient concern about it. The fact remains that where once an Englishman’s home was considered to be his castle the advent of the Internet of Things means that fortress walls can be breached more easily.”

However, 48% of respondents welcomed the idea that smart meters can save energy and money. Four in 10 also suggest that health monitors, which issue warnings about impending illness, are a good idea, and 46% want to use security systems to monitor their property whilst away from home.

Thompson added, “There are also so many opportunities for the latest technologies to provide value and enhance our lives, but we are failing to take advantage of them and we will continue in that vein until consumers can be convinced that always-connected devices are safe and worthwhile.”
News

Largest ever study of European data privacy breaches

Findings from a report released by Central European University’s Center for Media, Data and Society (CMDS) indicate that the personal data of millions of Europeans have been compromised with 89% of the breaches the fault of corporations, rather than governments or other kinds of organisations. 24% of the Europe-specific breaches were the result of breach attacks launched from the UK, and for every 100 people living in the UK, 200 personal records have been compromised.

Philip Howard, CEU Professor of Global Media and Communication and director of CMDS, said, “This is the largest investigation of privacy breaches in Europe ever undertaken. We looked at 350 incidents over a 10-year period, with a very focused look at the 229 incidents that directly involved the privacy of people living in Europe.”

The total population of the countries covered in this study is 524 million, and the total population of Internet users in these countries is 409 million. Expressed in ratios, this means that for every 100 people in the study countries, 43 personal records have been compromised. For every 100 Internet users in the study countries, 56 records have been compromised.

One of the team’s main findings is that the loss of private information seems to involve organisational insiders more than malicious hackers. According to Howard, 57% of the incidents involved organisational errors, insider abuse, or other internal mismanagement (2% unspecified).

“In the news, we hear a lot of news stories about hackers who break into systems and steal our personal information,” Howard said. “But that was the minority of incidents – far and away, most of the cases involved organisational errors, insider abuse, or other internal mismanagement.”

Howard believes that the next move for public policy is mandatory reporting. “When personal records are compromised, both companies and government offices should be required to report the possible privacy breaches both to the victims and a privacy commissioner. Most people don’t know who has legitimate access to their personal records, and they deserve to know when those records have been compromised.”

4.6 million employees lose employer data due to malfunctioning personal technology

4.6 million UK employees have lost work-related data in the last 12 months due to corrupted and malfunctioning personal devices or cloud services, according to new research from Kroll Ontrack. Kroll Ontrack warns that this is a significant risk to businesses, and could be much worse as one in three (33%), or 10 million UK employees, use personal devices or cloud services to store employer data. Without effective data usage guidelines, businesses risk losing control of their critical data and open themselves up to inefficiencies and potential legal action through data protection failures.

Paul Le Messurier, programme and operations manager at Kroll Ontrack, said, “It is interesting to see that data loss from personal mobile devices has doubled in two years from 7% in 2012 to 13% this year, reflecting the proliferation of mobile devices in the corporate environment.

“Businesses must begin adapting to the future working environment where employees access files through a number of channels, not all of which will be immediately vetted by the employer. IT decision makers must accept that this trend will continue and data loss from a wider array of devices will occur as new technology is released to consumers. We would urge businesses to protect critical business data through implementing clear data usage, backup and security guidelines.”

Kroll Ontrack’s research shows that successful recoveries of work data have increased in the past two years across home desktops (11% to 19%) and personal mobile devices (5% to 8%). However, successful recoveries have decreased for laptops and tablets (20% to 17%). Whilst the situation is improving overall, it is still alarming that only two fifths (43%) of employees were able to recover lost work data from their personal devices in the last 12 months.
Only 15% of enterprises are “fully prepared” to meet mobile requirements

Having surveyed more than 200 IT professionals from a diverse range of industries and regions worldwide, the FrontRange report, “Enabling Unified Endpoint and Service Management for a Mobile Workforce,” highlights the strategies needed to support an increasingly mobile workforce in modern enterprises.

According to some of the key findings revealed in the survey, which was conducted in conjunction with Enterprise Management Associates (EMA), only 15% of organisations reported they were fully prepared to support mobile requirements. This is despite the fact that 60% indicated they considered mobile management important or critical to their business. The report found that larger organisations were more likely to be prepared than smaller organisations by roughly 50%. The survey results also indicate that a company’s perception on the importance of workforce mobility is of greater significance than economic factors, the size of the company or the resources it has available.

Also of note from the survey results is an increasing awareness of the need for a unified approach to endpoint management, with more than half of survey respondents indicating a preference for a single solution that supports both mobile devices and PCs. The majority of survey respondents also indicated a preference for cloud-based mobile management solutions and, in particular, hybrid cloud approaches (leveraging both private and public cloud components).
News

Are firms not taking business process resilience seriously enough?

According to a new report from FT Remark and Wipro, business process resilience is mission-critical, but businesses may be missing opportunities to fortify themselves. In the global survey of 330 C-suite executives, Building Confidence: The Business of Resilience, nearly all respondents (98%) agreed that technology risk management is important or very important to the overall running of their firms, and 84% felt their firms’ technology risk management programmes add value.

But 35% described their firms’ spending on technology risk management as “focused on the next year”, with a further 17% working on a “project-by-project basis”. Less than half (41%) described their spending as “focused on the long-term”. In addition, only 15% of those surveyed said decisions on technology risk management were made at board level, even though system failures have implications that reverberate throughout businesses’ ecosystems.

This report seeks to identify how businesses are rising to the challenges that technology presents, and how they are making their businesses more resilient in the process through strategies, investments and partnerships.

Nick Cheek, managing editor at Remark, part of the Mergermarket Group, said, “In developing resilience plans, businesses should consider the full range of their operations, from customers to third party suppliers. Businesses should also concentrate on making themselves agile and modular, so that they can minimise the impact of negative events.”

“Firms should think of business process resilience broadly,” added Alexis Samuel, global managing partner, Wipro Consulting Services, Wipro. “Rather than being considered fodder for CIOs or CTOs, corporates should view these issues as board-level ones that have far reaching implications for disparate business arms.”

Balasubramanian Ganesh, chief executive - Products & Solutions business, Wipro, commented, “Over the years, the level of investment has not kept pace with the level required to address inherent and emerging risks in provision of services to customers. The aggregate impacts of this underinvestment, accompanied by increase in customer expectations, have created risks to service which are no longer acceptable. Such risks will typically need to be addressed by a significant and sustained programme of investment.”
No “one-size-fits-all” solution for MSPs to provide critical customer support

Sunrise Software has published a paper outlining the benefits of an ITIL-based solution for Managed Service Providers. The paper states that there is no “one-size-fits-all” for MSPs to provide critical customer support. While MSPs have many similarities, each still has its own processes for managing customer service data; therefore, an ITIL-based system that can be customised to the specific and complex requirements of each MSP is currently the best fit available.

Author of the paper, Neil Penny, product director at Sunrise Software, said, “Not for nothing is ITIL, now in its third iteration, globally recognised as the standard by which to manage IT. Given that IT departments within large organisations are effectively acting as an MSP to the business, it makes sense that the solutions they use to manage critical customer support would be a good basis for a solution suitable for MSPs managing external customers. It is important that the base product is comprehensive enough to deliver all the standard functions with plenty of flexibility to also provide the unique functionality that each MSP requires.”

MSPs need to be able to manage diverse service contracts with attendant customer hierarchies and billing structures, multiple Service Level Agreements (SLAs) and back-to-back third-party agreements. They also need to be able to catalogue all their products and services, keeping track of entitlements, renewals, credits, penalties and terminations.
Uncovering cloud adoption trends in European organisations

The European Cloud Adoption and Risk Report, which analyses real-life cloud usage data from 1.6 million European users, has been released by Skyhigh Networks. In Europe, the number of cloud services in use by the average company increased 23 percent, rising from 588 in Q1 to 724 in Q3. However, not all of these services are ready for the enterprise. Developed in conjunction with the Cloud Security Alliance, Skyhigh’s Cloud Trust Program tracks the attributes of cloud services and ranks them according to risk. The report found that only 9.5% of all services meet the most stringent security requirements, including strong password policies and data encryption.

The report also reveals a worrying lack of conformance to the EU Data Protection Directive, particularly with regard to the transfer of personally identifiable information outside Europe. Skyhigh found that nearly three quarters (74.3%) of the cloud services used by European organisations do not meet the requirements of the current privacy regulations, with data being sent to countries without adequate levels of data protection. With stricter policies and harsher penalties set to come into force soon, organisations have just a short window to address these issues.

Rajiv Gupta, CEO, Skyhigh Networks, said, “The growth in cloud services being used in Europe is testament to the benefits users see in the services on offer. On the other hand, the IT department needs to make sure that these services don’t put the organisation’s intellectual property at risk. This report analyses real-world cloud usage data to shine a light on the extent of Shadow IT.”

Echoing the last report, much of the adoption of cloud services still remains under the radar of IT departments, with 76% of IT professionals not knowing the scope of Shadow IT at their companies but wanting to know. As such, a key problem that IT teams face is the enforcement of an acceptable use policy. In terms of trends, the report found that 80% of all corporate data uploaded to the cloud is sent to just 15% of cloud services, which makes it easier for IT teams to prioritise security and risk analysis.
Looking Ahead: 2015
Tight IT budgets to drive efficiency demands in 2015

Research has found that businesses are focusing on efficiency in the short term, but looking to SDN and NFV for longer-term innovation, VitAL Magazine reports…

Increasing efficiency will be the number one priority for IT departments in 2015, as organisations look to get more value out of their IT spend, according to research released by Brocade. The research, taken from a survey of UK-based IT decision-makers (ITDMs), found that increasing efficiency is a top priority for 53% of IT leaders in 2015. Budget restrictions are the main driver behind this need for efficiency, with just 31% of organisations expecting their IT capital expenditure budgets to increase in the coming year, with over two-thirds (69%) predicting that budgets will stay flat or decrease.

Despite budgets remaining flat, there is a clear need for change: less than one in three (31%) of ITDMs are very confident that their existing network infrastructure will be able to cope with the demands likely to be placed on it in the next 12 months. However, with budgets tight, IT leaders are struggling to manage this issue. 33% of IT departments are prioritising improvements to existing infrastructure to support business growth in 2015, while 32% are focusing on simply keeping their existing infrastructure up and running for another year.
Longer-term, the research found there is a strong appetite among IT leaders for more innovative approaches to networking. This includes moving to the New IP, which is necessary to support the growing demands of mobile technology and cloud computing. 40% of respondents said they are planning to deploy Software-Defined Networking (SDN) within the next five years, with 30% of those likely to do so in the next three years. 34% of organisations are looking to adopt Network Functions Virtualisation (NFV) within five years, with 27% keen to do so before 2018.
Misunderstanding SDN and NFV

However, there is still a lack of knowledge about these technologies among some businesses. Many of the IT leaders surveyed admitted that they are still unsure of their potential benefits: 37% of respondents said that they do not fully understand SDN, with 45% saying the same about NFV.

Commenting on the findings, Marcus Jewell, EMEA Vice President, Brocade, said, “It is clear from this research that IT departments are under growing pressure to do more with less. With the majority of network architectures predating today’s most influential technologies – from cloud services to mobile computing – it is not surprising that many organisations simply do not have the infrastructure they need to support the business effectively.

“With budgets remaining tight, the focus for many in 2015 will be on driving greater efficiency. However, a significant number of businesses are looking to SDN and NFV to help create a network fit for the demands of the future. While our findings show that there is growing enthusiasm among IT leaders for these technologies, a significant number still do not fully understand the potential benefits. It’s clear therefore that more education is needed if SDN and NFV are to truly realise a new kind of IP network that is better aligned with the evolution of the rest of IT.”
Cloud services
In the immediate future, there will likely be an increased reliance on cloud services. 63% of those surveyed identified cloud computing as the technology that is likely to have the biggest impact on their business in the next year. Server virtualisation and Big Data (19% each) were also seen as significant new technologies in 2015, alongside 3D printing (20%). Despite rapid consumer adoption of wearable technology, it is not expected to have a significant impact on enterprise IT for some time, with just 12% of respondents expecting wearable devices to have any impact on their organisations in the next 12 months.
“Given the focus on efficiency, it is not surprising that many organisations expect to be increasingly reliant on cloud services in the coming year, as this is potentially a great way for IT departments to deliver more value without increasing capital expenditure,” commented Jewell.
“Cloud computing – in conjunction with pervasive mobility and the Internet of Things – will also have a major impact on the role of the New IP. These are all network-centric computing models and so will only add to the need for fast, flexible, and reliable connectivity. It is therefore vital that the network is fit-for-purpose so it can enable, rather than inhibit, the expected growth of cloud services.”
Further key findings
Other key findings from the research included:
• Subscription models are set to become more common in all areas of IT. Over a third (34%) of ITDMs surveyed said that they would be interested in buying their network infrastructure on a subscription basis.
• Looking ahead to the skills that will be needed by IT leaders in 10 years’ time, it is clear that end-user preferences will become a major driver of IT decision making. “Understanding how users want to use technology” was identified as a critical attribute for IT leaders by 37% of respondents, second only to “technical knowledge” (43%).
• In fact, understanding user preferences was considered to be significantly more important than “administering policy controls” (23%), “using data to deliver business insights” (20%), or even engaging with business leadership or other departments (16% and 15%, respectively).
• Less than one in five (19%) of respondents are very confident that their organisations will have the necessary IT skills to succeed in 2025, suggesting that businesses will need to invest in more training as the role of the IT department evolves.
Funky new tech for 2015
Here are some interesting business technologies you should look out for in 2015…
• Doing business on the tablet: With mobile technology firmly established in households of developed countries and smartphones on the rise in developing countries, people are bringing their own devices to work and using them in a productive way; there will also be a stronger focus towards mobile users in general.
• Infinite data centres: Server racks are using less power, getting more compact and are storing more and more data for the same physical space; increasing processing power on these is also more feasible.
• Big data clean-ups: Now that Big Data has been around for a while, companies are still struggling to disseminate the information; Gartner advises in favour of virtualisation and deduplication before cutting out any unnecessary inputs - what’s left should then be prioritised to make it useful.
• Service desks are shrinking: With crowdsourcing delivering real-time support to customers, the reactive approach of traditional service desks is losing popularity.
• Solar power: Due to the intermittent nature of solar and wind power generation, some developers are turning their attention towards cleaner coal power and even nuclear technologies; it is therefore expected that development of solar and wind technology will slow down, making them more expensive to produce and appropriate.
• Electric cars: Kachan & Co indicates that electric cars will struggle a bit going forward because of recent advancements made on the combustion engine, which produces lower carbon emissions and provides better fuel economy; yet companies like Tesla are forging ahead with their world-famous electric cars and further investment in more efficient battery technology.
Risky business
With innovative technology also come new security risks. This is especially true in the realm of mobile computing: BYOD was once considered a “disruptive” development, yet corporate security policies are still not keeping up. Only one in 25 businesses in the UK has a full BYOD policy in place. This leaves a lot of room for interpretation and exploitation by employees and unwelcome outsiders. In the cloud computing space, securing the data of virtual machines should be a main concern. It’s worth noting that virtual environments are also being created for mobile device access as a central point of control from a security perspective. Disaster recovery technology becomes essential while virtualisation practices are still maturing.
News Feature
Preparing for new EU data protection regulations
Paul Doble, chief sales and marketing officer at DX, advises businesses on how to take action to help ensure their systems comply with new EU General Data Protection Regulations, which are set to be enforced in 2017…
From 2017, all firms operating in the UK (and Europe) will be required to conform to the new, stringent, EU General Data Protection Regulations, with the threat of heavy fines for those that don’t comply. Changing technology and the lack of a clear line governing how data should be treated in cross-border communications has led regulators to devise this new standard, which will surpass the current requirements in place anywhere in Europe.
In business terms, 2017 is still a little way off, but by taking a glimpse into how the new regulations are starting to shape up, the scale of the change that some firms will face quickly becomes clear. The General Data Protection Regulation is expected to introduce the following measures:
• Tougher consent requirements when obtaining personal data from individuals.
• Strict 24-hour time frame to notify EU Regulatory Authorities of data breaches.
• The new “right to be forgotten”, which requires data controllers to delete data that is no longer relevant and ensure deletion by third parties.
• The compulsory appointment of data protection officers for all public authorities and companies processing more than 5,000 data subjects a year.
• The application of the legal requirements to non-EU data controllers processing European citizens’ data.
In addition, there is a significant increase in fines for those who fail to comply. The existing penalty for a breach in the UK is £500,000, but the new regulations are predicted to enforce fines of up to 5% of a company’s annual revenue, or $100 million, whichever is most severe.
Changing attitudes
For many firms, particularly those outside of the technology sector, the changing regulations are not only a distant concern, but also something beyond the focus of their current business activity. It is these firms – which handle personal and confidential information but do not consider themselves data centric – that are in particular danger of being caught out by the changes.
Taking the example of the legal industry, and in anticipation of the regulatory overhaul, DX commissioned research into legal departments and law firms to gain insight into current attitudes and concerns surrounding data protection. Its 2014 Information Security Survey revealed that one in 10 legal professionals don’t know if they comply with current regulations – a worryingly high statistic. Such findings suggest that firms need to change their attitudes to information security, and take action now to address their data responsibilities and prepare for upcoming regulatory crackdowns, as well as ensuring they are compliant with current laws.
At the recent Infosecurity Europe 2014 event in London, David Smith, director of data protection at the UK Information Commissioner’s Office (ICO), made this point clear when he told firms to “get their houses in order” now. He also acknowledged the widespread ignorance of data protection rules and suggested that the incoming regulation will build on the existing rules, meaning that firms should look to equip themselves for both regulations simultaneously, and that any such activity now will complement efforts to become compliant when the EU rules come into force in 2017.
The need for change
Few would argue that the current European data protection laws are fit for the modern age. When these regulations were issued in 1995, the Internet and many of today’s digital devices were far from dominating the workplace as they now do. For example, one of the most prominent pieces of modern technology, the iPhone, was still 15 years away from its first launch when these regulations came into force. As a result of this outdated regulation, many challenges – particularly those posed by the Internet such as malicious cyber attacks and online fraud – were not accounted for. This is a point that was emphasised by recent research from PwC’s 2014 Global Economic Crime Survey, which found that 17% of businesses had been victims of cyber crime – a threat that wasn’t even on the radar in 1995.
Furthermore, in the legal sector, DX’s survey shows that many lawyers are not acknowledging this high level of risk, with 26% saying they felt no risk to data security from criminal attacks. Even among those identifying a potential danger, a further 26% felt risk was fairly small, with only 5% concerned that attacks were a large risk.
Getting the basics right
The majority of companies now use email as their primary means of communication, with over 100 billion messages sent by businesses in the UK each day. This is a drastic rise from the figures of 1995, highlighting another area that is in need of regulatory attention. The open nature of the email system, the lack of encryption and the relative ease with which communications can be misdirected raise another security concern.
Rather than malicious attacks, legal professionals, according to the DX findings, deemed human error the most critical danger to data protection. This same survey reveals that only a third of respondents (35%) could say that email had never compromised data security, and 55% knew of cases of emails being misdirected – 80% of those to at least one external recipient. These figures alone demonstrate the need for secure email encryption in the transferring of confidential data across the Internet.
The EU’s General Data Protection Regulation will address all of the issues currently threatening data security, from the acute threats posed by cyber criminals to the more mundane risk of unintentionally sharing sensitive information via email. Furthermore, the new regulations will attend to the technological advances that have changed the face of data protection. The new measures required of companies will be more in-depth and more rigorous than those seen before, with measures like email encryption likely to become a minimum standard.
As regulatory constraints increase, so too will client expectations around the confidential treatment of their data. Those companies which implement the changes quickly will tick all the boxes: maximising client confidentiality, avoiding substantial penalties and maintaining their own reputations.
VitAL Security
Finding a needle in an empty room
Dr David Chismon, senior researcher for MWR InfoSecurity, details how and why large enterprises should be using honeypots as a means to detect and monitor any attempts at illegitimate access to sensitive data. He also includes some helpful tips for making honeypot projects successful…
Honeypots have been used in information security in one form or another for decades. The principle is attractively simple: rather than trying to catch attackers, prepare something enticing and wait for them to come to you. In today’s world of skilled and persistent attackers, honeypots can be a key tool in solving a difficult problem: how to detect an advanced attacker on a busy network? Once in a network, modern attackers hide in the noise and, by mimicking normal user behaviour (stealing and abusing credentials, for example), they are increasingly hard to detect. With honeypots, organisations create something that appears to be a legitimate asset but that is not, so any attempt to access the asset is instantly suspicious. Rather than searching for the needle in a haystack, you’re now searching for a needle in an empty room.
How are researchers using honeypots?
Researchers have been making effective use of honeypots. By creating fake computers, fake services or fake people, it is possible to see what kind of malicious activity is occurring on the Internet. Particularly interesting examples of honeypot research include Kippo, which pretends to be a service and lets an attacker in after a number of password attempts in order to study what attackers do once on a system. Trend Micro created a number of SCADA/ICS honeypots that appeared to be industrial networks and found that attackers quickly compromised these services, with ominous implications for people running real internet-connected SCADA systems. Using honeypots gives researchers deeper insight into what hackers are looking for, attempting to do and compromise within a corporate network. The research can then be used to help companies focus their defensive efforts.
How are businesses using them?
Business use of honeypots is often limited. Where businesses use honeypots as part of their defences, they typically rely on traditional honeypots, i.e. a non-existent computer on the network or perhaps an entire network range, and then alert on any attempt to connect to the computer or range. This can be effective, for instance by identifying an attacker who has gained access to the internal network and is port scanning the entire range. However, many advanced attackers do not resort to “noisy” techniques such as port scanning once on the internal network; they instead often rely on subtle lateral movement such as obtaining network maps and connecting directly to servers of interest. Catching such advanced attackers requires more sophisticated honeypots.
How can businesses use honeypots?
Attackers will often attempt to obtain administrative credentials to aid their movement around networks. They can do this by a number of means, from password-guessing attacks against administrative accounts to more advanced attacks that allow them to carry out actions with the permissions of anyone using the computer they are accessing. Organisations can therefore create “honeytokens”, which are administrative accounts where an attempt to use the account alerts security staff to the presence of an attacker.
Any important asset that organisations fear an attacker may compromise as either a step towards their goal or as the goal itself can be the basis for a honeypot. Successful honeypots include fake files that an attacker might try to access, with attempted access to those files triggering an alert. Organisations have found that fake file servers that might lure an attacker, such as one described in network diagrams as “Backup Fileshare”, can also be successful.
A controversial form of honeypot is the creation of a fake person of interest. More targeted attackers will identify key individuals in an organisation and then target them directly with spear phishing emails. Once in a network, many attacking groups will attempt to steal the inboxes of people they consider important. By creating a fake email account, it may be possible to gather intelligence relating to the malware being sent against real, high value employees. More importantly, any attempt to access the honeypot email account will alert the security team to the presence of an attacker stealing inbox contents.
What are the risks of using them?
There are downsides to using honeypots. Firstly, they can require time and resource to implement, both of which may already be limited in the organisation. Honeypots can also take time to integrate into the organisation’s alerting infrastructure. Curious employees can often visit certain types of honeypot, such as files and file shares, and it can take only a small number of such benign triggers for the alert to lose its value in the eyes of the security team. The creation of email accounts or people can be difficult, particularly if that person is listed externally, as there could be regulatory issues from publicly listing a fake high value employee, which would be necessary for the effectiveness of the honeypot.
Five tips to using honeypots successfully:
1. Base the honeypot on a real asset you’re concerned might be compromised.
2. Reference the honeypot anywhere you reference real assets.
3. Make sure honeypots are known to only those few running them.
4. Have a process for rapidly investigating alerts generated by the honeypot.
5. Have a process for investigating real assets should honeypot alerts indicate an attacker.
Honeypots can be a highly effective and efficient way of alerting security teams to attackers, even those who are more advanced. However, to be effective, a honeypot must be well implemented, maintained and monitored.
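The alerting and follow-up described in the tips above can be sketched in code; this is an added example, not part of the original article. The event format, account names, hosts, paths and priority labels are all constructed assumptions: decoy account use is ranked above decoy file or share access because the article notes that curious employees can trigger the latter.

```python
"""Honeytoken alerting over logon and file-access events (added illustration).

Every name, address, path and log line below is constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Decoy inventory (constructed). Tip 1: each decoy mirrors a real asset type.
HONEYTOKENS = {
    "account": {"svc-backup-admin"},                 # decoy administrative account
    "host": {"backup-fileshare"},                    # decoy file server
    "path": {r"\\fs01\finance\payroll-2015.xlsx"},   # decoy file on a real share
}
# Tip 3: the few people who run the decoys. Their activity is recorded as
# maintenance and does not start an investigation (an assumption of this sketch).
OPERATORS = {"j.keeper"}

# Constructed sample log: ISO timestamp followed by key=value fields.
SAMPLE_LOG = r"""
2014-11-03T09:12:04 type=logon src=10.1.4.23 actor=a.jones account=a.jones host=ws-0423 result=success
2014-11-03T09:40:10 type=file_read src=10.1.4.23 actor=a.jones host=fs01 path=\\fs01\finance\payroll-2015.xlsx
2014-11-03T10:02:31 type=logon src=10.1.7.88 actor=- account=svc-backup-admin host=dc01 result=failure
2014-11-03T10:03:05 type=file_read src=10.1.7.88 actor=m.patel host=fs02 path=\\fs02\legal\contracts.docx
2014-11-03T10:05:47 type=connect src=10.1.7.88 actor=m.patel host=backup-fileshare
2014-11-03T11:30:00 type=logon src=10.1.2.5 actor=j.keeper account=svc-backup-admin host=dc01 result=success
2014-11-03T15:45:00 type=file_read src=10.1.7.88 actor=m.patel host=fs02 path=\\fs02\legal\archive.zip
"""


def parse_event(line):
    """Turn one log line into a dict with a parsed 'ts' timestamp."""
    ts, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["ts"] = datetime.fromisoformat(ts)
    return event


def load_events(text):
    return [parse_event(line) for line in text.strip().splitlines() if line.strip()]


def decoys_touched(event):
    """Return (kind, value) pairs for every decoy this event references."""
    hits = []
    for kind in ("account", "host", "path"):
        value = event.get(kind, "").lower()
        if value in HONEYTOKENS[kind]:
            hits.append((kind, value))
    return hits


def detect(events):
    """Any touch of a decoy is an alert; priority only orders the triage queue."""
    alerts = []
    for event in events:
        hits = decoys_touched(event)
        if not hits:
            continue
        kinds = {kind for kind, _ in hits}
        if event.get("actor") in OPERATORS:
            priority = "maintenance"
        elif "account" in kinds:
            priority = "high"      # nobody has a legitimate reason to use it
        else:
            priority = "medium"    # may be a curious employee; still investigate
        alerts.append({"ts": event["ts"], "src": event["src"],
                       "priority": priority, "decoys": hits})
    return alerts


def real_assets_to_review(events, alerts, window=timedelta(hours=1)):
    """Tip 5: real assets touched by an alerting source within `window` of its alerts."""
    alert_times = defaultdict(list)
    for alert in alerts:
        if alert["priority"] != "maintenance":
            alert_times[alert["src"]].append(alert["ts"])
    review = defaultdict(set)
    for event in events:
        times = alert_times.get(event["src"])
        if not times or decoys_touched(event):
            continue
        if any(abs(event["ts"] - t) <= window for t in times):
            review[event["src"]].add(event.get("path") or event.get("host"))
    return {src: sorted(assets) for src, assets in review.items()}


if __name__ == "__main__":
    events = load_events(SAMPLE_LOG)
    alerts = detect(events)
    for alert in alerts:
        print(alert["ts"], alert["src"], alert["priority"], alert["decoys"])
    print(real_assets_to_review(events, alerts))
```

In the sample, the source that tried the decoy account also read a real contract file minutes later, which is the asset an investigator would examine first.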
VitAL Security
Is your organisation’s high-risk data safe?
Organisations must adapt to protect high-risk data, says Lee Meyrick, director of Information Management, Nuix…
The news is rife with reports of high-profile company data breaches, and just how much these are costing the respective organisations and their customers. Home Depot, JP Morgan, and the Ministry of Justice are just some of the recent big names to have private data leaked from within their organisations. The high value of private information such as credit card details or intellectual property has made all organisations that store this kind of sensitive information a target for cybercrime.
Data breaches can be hugely costly to an organisation. For example, last year the UK Information Commissioner’s Office increased the maximum fine it can hand out for data breaches from £5,000 to £500,000. But fines are only a part of the total cost, which may include damaged company reputation, disaster recovery costs, loss of intellectual property, a weakened competitive position and the negative impacts on customers who were affected. Take the recent Home Depot breach, where the retailer has since had a US$500-million class-action lawsuit filed against it by its customers.
But, now for the real bad news: when it comes to company data breaches there are only three categories an organisation can fall under – one that has been breached, one that is going to be breached, and one that is already breached but simply doesn’t know it. Security researchers believe determined and sophisticated attackers can infiltrate any perimeter security system and lodge malware within an organisation’s network. Gartner’s bluntly titled report, “Malware Is Already Inside Your Organisation; Deal With It”, says that organisations must assume they are already compromised.
Internal factors
However, it’s also important to note that the majority of data exposures are not caused by hackers but by internal factors: malicious insiders, loss or theft of devices, or simple errors by IT and security administrators. A recent survey commissioned by the UK Government’s Department for Business Innovation & Skills found that 58% of large organisations suffered staff-related security breaches, while 31% of the worst security breaches in the year were caused by inadvertent human error, with a further 20% by deliberate misuse of systems by staff.
Bearing these factors in mind, organisations can and should take proactive steps to protect their high-value and high-risk data. One very important step involves knowing where important data is stored, understanding what it is worth and making sure it’s protected. It may sound simple, but with the huge increase in electronic information being generated every day, organisations are finding themselves buried under exponentially growing piles of data – from customers’ private information to emails, word-processing files and spreadsheets, to non-business content such as music libraries and personal photos. These huge volumes of data are often scattered about on file shares, in email archives and on individual desktops. Did you know that in one year, the average employee will send and receive more than 10,000 emails, which is equivalent to 3GB of data?
Information governance practices
This is making it increasingly challenging for companies to understand exactly what their data contains and where it is stored, and importantly, whether they have suffered a data breach. For example, if an employee had obtained a report of customers’ names, personal information and banking details and emailed it outside the organisation or stored it on a file share with open access, how would you know?
You can’t protect something if you don’t know where it is, therefore it is important for companies to put in place strong information governance practices. This involves examining all of your data, classifying it, removing data that isn’t really needed and ensuring what’s left is well-organised and easily searchable. It requires information governance technologies that provide transparency into the contents of a company’s data.
With this transparency, organisations can divide their data into those they want to keep because they are useful, valuable, or required by regulatory requirements, and the rest, for which there is no good reason to keep. In fact, most organisations only keep this data because they can’t find the time to tell the difference (and some risk aversion – more on that later). This data should be removed as soon as practical. Not only can it hold details of old sales presentations, the draft copies of the contract and funniest cat videos, but worse, it can have former customers’ details, legal liabilities and out-of-date policies. Failure to remove these may just waste time and effort, but could also result in bad decisions or adverse legal consequences. Removing them improves productivity and reduces risk through the use of pre-defined and legally sanctioned rules.
Increasing the value of your data
High-value documents such as customer records, intellectual property and contracts should be identified and migrated to managed locations and protected with access controls and retention rules. The bigger the circle of people who have access to your organisation’s confidential data, the bigger the risk of a security breach. Therefore organisations must then apply policies and conduct regular audits to ensure only authorised staff have access to important data.
Through these efforts, an organisation increases the value of its data and minimises the opportunities for malicious or accidental breaches of important information. Whether the culprit is malware that has breached a network, an unhappy employee, or a misconfigured network, the chances of anyone gaining unauthorised access to the high-risk and high-value information an organisation stores are greatly reduced. Further, because you already know where the important information is stored, you are much better positioned to quickly access it for any investigation. Whether the trigger event is a system breach or legal discovery, you can conduct rapid, thorough and effective investigations to minimise damage, respond accurately and mitigate risks.
References available on request
VitAL Security
Wearables: The next frontier of security risks?
Following the big hullabaloo last month when a researcher released his findings that Google Glass was a security risk, Charles Sweeney, CEO, Bloxx, looks at whether or not wearables are the next frontier of security vulnerabilities…
When my kids were young they used to love a cartoon called The Jetsons. Set in the future, it portrayed what life would be like with robots as domestic help, and what we could expect from space cars. Of course this all seemed way off, and in many ways it still does, but it feels like every year we come ever closer to a vision of a connected future, driven by technology.
At the centre of this vision is the Internet of Things. A term pioneered by Cisco, it has emerged from a much-hyped concept and is rapidly gaining traction as an inevitable way of life. The company anticipates that 50 billion devices will be connected by 2020 – and we’re already well on the way. Not too convinced? Well, look at Google Nest or health apps that link your data with that of your friends and enable you to compete on calories eaten and burned. Taken by themselves they might just be considered tools of convenience, but they are undoubtedly steps towards our connected future.
However, this new way of living will involve sharing your data with an unimaginable number of sources. In turn these companies will likely have to pass your data on to their suppliers. No big deal you might think, but this raises serious questions about who is responsible for protecting this information. Not only that, but it will also force consumers to think about who they trust with their data. For some companies, the answer to this question could determine their success in the connected world.
In the last 12 months, big companies from eBay to Target have all been forced to admit not only that they have been subject to a data breach but also that, upon further investigation, their governance and approach to protecting user data was slapdash at best. Target has perhaps experienced the most serious ramifications, with its share price and profits nose-diving and its CEO resigning. Public sector organisations aren’t immune either. The Government was also forced to scale back plans for care.data (a central database for patient records) when it experienced a huge backlash against its plans due to a lack of clarity in how the data would be shared and used with third parties.
Change is all around us
This mass sharing of data is also driving new ways in which we connect with the information around us. Smartphones and tablets have changed our expectation of how we access data. Location is no longer a barrier and we expect that wherever we are, be that on the bus or in the supermarket, if we want to call up a weather report or read the news, we can. Whilst smartphones may have spearheaded this change in our interactions, they could soon be viewed as “so 2014” as the big names in consumer electronics such as Samsung, Apple and Motorola launch smart watches into the mass market. Google too has set out its stall with the launch of Google Glass. Whilst price points at the moment mean that these devices are the want of the rich and enthusiastic early adopters, so too once were smartphones and tablets. When you think of it in those terms, it’s easy to imagine how prevalent these wearable devices will be in just a couple of years’ time.
Device vulnerabilities
As the central hub for everything from connecting us to the wider world to switching our central heating on from the bus, wearable devices are facing serious questions about their security credentials, particularly when it comes to hacking. For example, in June, researchers from the University of Massachusetts Lowell developed a new video recognition algorithm that can tell what PIN you’re typing from over 100ft away. It was tested on a number of camera-powered devices such as Google Glass and could reportedly detect a four-digit passcode from three meters away with around 83% accuracy, about the same as a Samsung smart watch.
The reporter told Wired magazine that the findings should act as a warning, telling them, “I think of this as a kind of alert about Google Glass, smartwatches, all these devices. If someone can take a video of you typing on the screen, you lose everything. Any camera works, but you can’t hold your iPhone over someone to do this. Because Glass is on your head, it’s perfect for this kind of sneaky attack.”
This wasn’t the first time that wearables, Google Glass in particular, had come under fire for potential privacy breaches. Cue panic: “Wearables are insecure,” scream the headlines. After all, people could see your password or PIN, make a note of it and then use it for their own gain. But I think in reality we need to face a few facts here. Wearables are not ushering in a new era of public theft. Stealing PINs and other confidential information is a well-established criminal practice. What wearables bring with them isn’t a new security crisis, but a new take on an old problem. After all, criminals have been “shoulder surfing” at ATMs for years.
The issue at hand isn’t wearables themselves, it’s about how we protect our digital identities full stop. As we hurtle towards a newly interactive and immersive digital future, it is clear that PINs and passwords are weak points that can no longer be ignored. Arguably they are the problem, not wearables. They simply aren’t robust enough to cope with how technology is evolving the world around us. Biometrics, voice recognition and retina scans are all options that just a few years ago would have been dismissed as a bit “Minority Report”. But something has to change. We can’t continue in a world where data is stolen at will. If nothing else, I hope wearables will force widespread change about how information is protected.
23
Cover Story
The role of technology in transforming the lives of people with sight loss
During a recent demonstration event held at The Ivy, in London, VitAL Magazine had a great opportunity to try out revolutionary new smart glasses, which help blind and partially-sighted people to “see”. Sophie-Marie Odum reports…
In this country, 100 people every day learn that they are to be living irretrievably with sight loss. However, research suggests that 90% of people registered blind have some light perception. By using a camera to enhance images of your existing sight, Professor Stephen Hicks and his team at Oxford University have worked together with the Royal National Institute of Blind People (RNIB) to develop smart glasses that aid vision for a wide range of sight problems.
The high-tech smart glasses, which are able to maximise what remaining vision a person has, have been chosen by the public as one of the winners of the Google Impact Challenge 2014, which awarded the project with £500,000 of funding. Many people who tried the glasses were said to be able to see shapes and obstacles for the first time in years.
Neil Heslop, managing director, RNIB Solutions, commented, “We are absolutely delighted to be the winner of the Google Impact Challenge 2014 public vote. Thank you so much to everyone who voted for the smart glasses.
“These glasses have the potential to transform the way blind and partially-sighted people can go about their everyday lives. One gentleman with sight loss who tried the glasses reacted with ‘wow, I can see your face’.
“With this funding, we can now increase the number of pairs of glasses in production and set up bigger user testing trials. We want more people to try them, to see the difference they make and let us know how we can make them even better.”
The glasses, which are for people who are from severely-sighted to partially-sighted, according to RNIB, work by capturing images of the world with a 3D camera. This information is used to separate out nearby shapes and objects, and highlight them clearly on the inside of small transparent displays. The displays form part of the lenses of the glasses, allowing people to use their own vision as much as possible.
Professor Hicks said, “There’s a strong feeling of isolation that comes with sight loss. You become disconnected from people around you and regular activities can be a challenge. Smart glasses help detect trip hazards and people, enabling you to carry on with daily tasks.
“The glasses don’t actually restore sight, instead they enhance images on a screen in front of you. They’re fitted with an adapted 3D camera that processes images through a computer and projects a brighter, more defined version on to your lenses. For example, if you approach some stairs, the camera will highlight their outline.”
Sight enhancement trials
The £500,000 funding will enable RNIB and Oxford University to create 100 pairs of smart glasses and test them with 1,000 people. This will be the first large-scale test of smart glasses and augmented reality for sight enhancement anywhere in the world. It is hoped that by 2016, the smart glasses will be ready for four-week trials, which will allow RNIB to collect data and make any necessary improvements ahead of its release.
Exploiting digital media and technology
In the past five years, technology has radically changed due to the advancement and wider use of smart, mobile devices. Technology is at the centre of most of our everyday lives, from online shopping, to checking when the next train or bus is, to managing our money. Technology helps us manage our lives, and the advent of these glasses clearly demonstrates that technology also plays a huge role in transforming the lives of people with sight loss.
Neil said, “Technology is a very important building block in helping people reach out. However, technology also helps businesses grow by providing solutions to deepen relationships and to access revenue by adding value to lives and to working relationships.” This is why RNIB created RNIB Solutions. It enables the independence of blind and partially-sighted people by exploiting digital media and technology, to promote innovative consumer and business products and services worldwide. The Institute plays a huge role in supporting people going through their sight loss journey, and complements the medical and clinical support they receive. The RNIB also provides the emotional and practical support via RNIB Solutions.
As well as its collaboration with Google Glass, the Institute has partnered with various technology companies to help make technology more accessible to those with eye conditions. Apple built accessibility into its devices, which changed the world for many visually impaired people, said Neil. Touch screen technology has been a huge game changer for the blind and visually impaired. Accessibility software is a growing, but powerful field, as the software can turn a smart device into a person’s eyes, ears, voice or whichever sense is needed. But there are still many challenges with this technology, such as developing a person’s skills and confidence, believes Neil. This is why the Institute has partnered with Apple to uncover further potential in its product range. RNIB also works with Amazon on the development of its Kindle devices, and is one of Nokia’s global strategic partners to develop its products and apps. The Institute works with Microsoft as a “scale partner”, as Microsoft makes a number of moves to improve access to digital technology as well as mainstream technology. In addition, RNIB provides consultancy to Samsung, in regards to embedding text and speech into its global offering.
Technology as a driving force
Almost two million people in the UK are living with sight loss (that’s approximately one person in 30), according to the RNIB, and it is predicted that by 2020 the number will rise to over 2,250,000, and by 2050, this number will double to nearly four million, due to the UK’s aging population. It’s evident that technology is a driving force in making life more accessible for those who are blind or visually impaired, and with sight loss set to increase in the future, it is hoped that the rapid rate of developing technology will continue to keep up with these demands and eventually surpass expectations.
VitAL Processes
Is outsourcing software testing still a risky business?
Outsourcing software testing is becoming standard practice, but many projects still fail to meet their objectives. Babuji Abraham, Senior Vice President, CTO and head of Infrastructure Services Business at ITC Infotech, explores best practice in ensuring projects succeed…
The world of outsourcing has changed rapidly in recent years, with the widespread adoption of cloud computing driving increased outsourcing across all other areas of business. Even those companies with a dislike of outsourcing will have to face that they are probably already outsourcing vital management of their computing. Software testing has long been a favourite choice for outsourcing, and a study from market research group Vanson Bourne estimated that CIOs are now outsourcing 48% of all testing and development projects.
When outsourcing is done correctly, it brings a huge amount of benefits that can transform the way a developer operates. First and foremost is the availability of talent, with companies able to quickly access teams of experienced specialists across the globe rather than going through the time consuming process of hiring new staff. Alongside this, outsourcing allows for a new level of scalability, making it easy to ramp up and cut back as necessary as projects come and go. Outsourcing work like infrastructure and testing frees up the internal staff to concentrate on other critical areas of business. When it works, outsourcing will improve efficiency and reduce costs across the board.
However, success is not guaranteed, and it is generally considered that less than half of all outsourced projects are financially successful. Vanson Bourne’s research found that 31% of all outsourced software projects ran into issues in timing or service levels, and 23% failed to meet all their objectives. Worse yet, 57% of CIOs responding to the research even identified projects as “an embarrassment” or a “nightmare”.
Failed projects
A failed project inevitably means a great deal of wasted time and money. A much greater impact, however, is the loss of opportunity. In the age of the Internet, a few months is a lifetime, so development delays can easily lead to a product completely failing to launch, especially if a rival launches in the interim. This risk has been lessened considerably by agile methodology, with projects launching in two weeks rather than 18 months.
Regardless, it is still all too common for an outsourced project to fail, and when it does, it’s usually a case of a management or communication failure rather than a technical issue. It is vital for the vendor and client to work closely together throughout the project and treat it as a partnership. There is a tendency for clients to throw the project and all associated issues and risks at the outsourced team, and then no longer consider it their responsibility. This attitude only leads to pointing fingers and shifting blame when any issues do arise – something which is very easy to do when working thousands of miles away from each other.
Successful outsourcing partnerships
The first step towards a successful outsourcing partnership is agreeing to a strong, detailed framework from the outset. The client and vendor should work together to identify objectives and associated risks on a granular level, and define them for each stage of the project. This means that if something goes wrong, the issue can be contained and addressed without causing the entire project to collapse.
Communication should remain a priority for the entirety of the project, with regular points of contact. Although there is no such thing as too much communication, it is important for it to be regulated. When working with a colleague in-house, you can easily walk over to their office and have a chat any time. When you’re 5,000 miles away however, ad hoc communication can interrupt the flow and be quite disruptive. Both sides should agree regular weekly calls to catch up at convenient times, as well as determining other on-going progress reports as part of the framework.
A high level of communication also solves other risks associated with outsourcing, such as the potential for security breaches. When it comes to a new product launch, IP is everything, so a leak of crucial information can be devastating and even end the project outright if a rival uses ideas to launch a similar product first. While this risk can breed an attitude of mistrust, most IP leaks actually tend to be accidental – a keen developer might chat with friends or industry colleagues about a project they’re particularly excited about, not realising they are actually leaking vital ideas or data. This can be easily avoided by setting clear ground rules from the outset to determine what areas of the project should be kept strictly confidential.
Good chemistry
Even when applying best practice in management and planning however, outsourced projects can still run into trouble if the vendor and client are a bad fit. Just like any other relationship, an outsourcing partnership needs to have good chemistry if it is to succeed. Companies should take the time to assess potential testing vendors and ensure their process and general approach to the business is aligned. The two sides should also be of comparable maturity – if there is too wide a gap between them, they are unlikely to work well together.
While there are still risks associated with outsourcing key software testing responsibilities to outside vendors, they are easily outweighed by the potentially transformative benefits in efficiency and cost reduction. The mainstream progress of cloud adoption has improved awareness of outsourcing in general, while agile methodology has made it much more viable for software developers in particular. Whatever the project, by taking the time to lay some groundwork in planning and management and working closely with their chosen partner, developers can bring their operations to a new level and avoid being just another statistic of failure.
References available on request
VitAL Processes
Are the returns from IT cross-charging enough to justify the effort?
Jelle Wijndelts, an SAM consultant, Snow Software, looks at the potential benefit of cross-charging IT within a business; the likely barriers to change; and possible cultural considerations…
In case there was any doubt, the days of the bottomless IT budget are most definitely over. This is evident in the results of research, which highlighted that the primary driver behind software asset management (SAM) nowadays is clearly cost avoidance, through better-informed software license procurement.
As well as achieving hard cash savings by better negotiation of vendor license agreements and re-harvesting software licenses rather than buying new all the time, another plus point for SAM is the ability it offers to cross-charge IT services to an organisation, based on cost of ownership, number of installs and general usage levels. SAM data forms the essential ingredient in a cross-charging policy because it helps to isolate exactly how software and other IT resources are being utilised. There are a number of practical considerations to take before deciding whether to implement cross-charging or not. For instance, what do you re-charge and how? Is it just an internal financial management exercise? How can the true internal cost of software applications be understood? And how can plans for the future be laid to accommodate inevitable organisational changes?
The psychology of software ownership
At the outset, one of the most difficult aspects to overcome when beginning to think about cross-charging is the potential political and emotional impact on an organisation where individual business units “owned” software and were formerly even responsible for purchasing their own licenses. Of course “owned” is a relative term because ultimately the software ownership lies with the company not the individual, but nevertheless, the psychology of having to “give something up” and then get “charged” in the future whenever software is needed, is not always straightforward to overcome.
Before embarking on this journey, ensure internal agreement between departments is in place, clearly define what needs to happen with exceptions, make sure it’s possible to measure installs or usage and report on them. Then decide what costs you are going to re-charge. Will it be the license cost plus operating cost or license cost only?
Each department within an organisation generally has its own budgets and part of this needs to be allocated to the cost of running IT equipment, software, licenses, etc. An SAM tool will track the software installed and software actually being used. Based on this information, it is possible to measure exactly what departments are consuming and charge users accordingly. For example, if the sales department all have access to the CRM system, they get charged for it. And the system used to provide the data should be flexible enough to change at a moment’s notice, in the event of the user’s requirement changing.
Financial operations
It is also important to ensure charging policies reflect both the existing organisational structure and the way financial departments work. Sounds obvious, but this is a common mistake to make, because IT’s landscape is completely different to the worldview that finance tends to have. In addition, charging must be linked to controllable aspects for customers (users) as they may wish to alter their behaviour (usage) of services based on any charges incurred. The last thing to consider is how a cross-charging policy will respond to inevitable structural change. Whilst the current financial organisation needs to be reflected in a cross-charging policy, it also needs to be flexible enough to change as your company changes.
How can a pricing model be structured?
From experience, there are several ways pricing levels within cross-charging policies can be structured. These include the following:
• Cost price. This is based on the recovery of costs associated with provision of services.
• Cost price +. This is essentially the cost price plus a percentage mark-up value.
• Going rate. Here a charge is derived based on the way other departmental services are recharged.
• Market price. This is the price that would be charged by a third party provider if the service of software provision were to be outsourced.
• Fixed price. This is an independently agreed price, which is based on the actual use of services.
What’s the final verdict? Yes or no?
So is cross-charging worth the effort? In my opinion, the answer is yes, and there are multiple benefits. These include the ability to have greater control of costs and implement software re-harvesting. However, don’t underestimate the work that needs to be done to get there and effectively implement cross-charging; there is the potential emotional and political impact to consider. It is also essential to have both a SAM platform and efficient SAM processes in place to be able to track with accuracy software installs and usage, making sure your organisational structures are easily identifiable.
And in the end, even if the final result is simply the capability to exchange “wooden dollars”, it serves a purpose by highlighting both the contribution made by IT to individual departments, and the extent to which they are utilising IT resources within the organisation. It is a way to justify the existence of IT as a vital support function and effectively create a “cost neutral” department. It just becomes a matter of weighing up whether the total cost of implementing cross-charging will outweigh the benefits.
VitAL Processes
How to thrive in the “Age of the Customer”
With the rise of the Internet, businesses must work to encourage loyalty from their customers as we enter the “Age of the Customer”. Neil Chapman, Senior Vice President and managing director EMEA / International, ForgeRock, explains how businesses can adapt to these new circumstances and use them to their advantage…
The “Age of the Customer” is really the “Age of the Internet;” the Internet has taught customers that they no longer need to “settle”. Instead, they can now go online to seek – and likely find – exactly what they are looking for, exactly when they want it. This unprecedented competitive pressure is driving the pace of business innovation faster than ever before. Companies are racing to develop new revenue streams and increase loyalty by rolling out more personalised and more dynamic services. Car companies are adding telemetric features, banks are scrambling over each other to offer the latest mobile app, and retailers and service providers are dreaming up new perks and services to shore up loyalty. Even organisations that do not focus on the top line are innovating; governments are turning to new channels to offer convenience and cut bottom-line administrative costs.
But one huge hurdle in this headlong race to innovate is how to connect customer and citizen identities to these offerings. It is a paradox of openness and restriction: companies need to provide easy, seamless access across platforms and services, including the cloud, the Internet of Things, mobile devices, customer portals, social platforms, and the web. At the same time, they must protect customer security and ensure that customers get exactly – and only – what they pay for. Businesses should reassess their approach to identity management in order to prosper in this new, fast-paced environment.
Identity management
“The industry is undergoing a huge shift from identity and access management to identity relationship management,” says Alex Ott, owner and founder of CrossContinentalVentures, a global provider of advisory services to entrepreneurs. “Identity relationship management extends the value of identity where legacy vendors have failed to innovate, supporting organisations in developing seamless and secure customer-focused services across users, applications, devices, and things.”
Traditional identity and access management (IAM) tools enable or deny access based on a few criteria, and only for a few thousand users, typically just employees and partners. Companies looking to support innovative services for customers can leverage identity relationship management (IRM) platforms instead. These can instantly support multiple devices, react to context, and scale up to accommodate millions of users at a time without any performance degradation or service disruption.
Support all devices anytime, anywhere
Companies have to support a huge array of devices, applications, and users, as well as the numerous relationships between them, while providing customers the same experience across all their touchpoints. Today’s IRM can link devices – including laptops, phones, touchpads, and even cars – and new mobile and social apps to a single security platform that enables identity synchronisation and single sign on (SSO). This can take place anytime, anywhere, on premises or off in the cloud.
Deliver context-aware services
But today’s SSO isn’t a simple yes/no. Multiple factors should determine whether or not a user gets access, and if so, how much and to what. If someone logs in from a new device or a different country, for example, a business might set up its IRM system to adjust to the circumstances and ask for additional authentication.
Contextual intelligence and awareness add value to digital services. For example, with the Toyota in-car portal, the system “knows” which car and which driver is accessing the Toyota platform, and where they are. This allows the system to recommend gas stations, find a parking spot, and offer real-time traffic information and automatic rerouting. Other services can leverage a wide range of contextual data – such as location, time, customer record, temperature, device, and virtually anything else – to customise interactions with users.
Scale Up
Because IRM systems control access to customer-facing services, they must be able to accommodate thousands or millions of identities simultaneously, quickly verifying identities and privileges. As more people, devices, and things are assigned identities across networks, IRM helps companies avoid uncontrolled growth in credentials and keep access seamless and responsive.
Look under the hood of successful IRM
A good IRM solution is designed from the ground up as an integrated, cohesive stack that is purpose-built to handle complexity. Open-source solutions are well-suited to addressing the paradox of delivering both openness and security on a unified, massively scalable IRM platform. They can connect with virtually any device and keep up with new versions of each. Experienced architects also report that these open source solutions are more secure, because they allow developers to identify and fix security-related bugs faster than legacy, closed-source platforms.
Reinvention and innovation
As consumers demand more personalised services, companies must harness the power of identity to transform visionary ideas into applications that they can deliver to millions of customers, anywhere, using any device. “The winners and losers in today’s digital world will be determined by how they approach the issue of identity as they develop new offerings,” says Warren Weiss, general partner, Foundation Capital. “Those that utilise the right identity platform can quickly respond to the needs of their business, reinventing themselves to roll out new services to any device or thing more quickly than their competitors – and to seize a distinct advantage in the market.”
Virtualisation
Easing network woes in a cloudy world of change and complexity
The piecemeal transition to a wholly virtual environment is causing IT departments endless security and compliance headaches, but a new breed of software known as security policy orchestration can quell the pain, argues Tufin’s Reuven Harrison...
As organisations seek to gain greater agility and efficiency by virtualising their IT infrastructure and making ever more use of cloud services, they’re encountering a big problem: how on earth do they ensure their increasingly complex web of systems and networks remain secure and compliant amid an accelerating onslaught of change?
IT operations staff are constantly having to tweak network and security settings as the business requests swathes of changes to applications and services, as well as to the way these can be accessed (and by whom). In larger firms, this can amount to hundreds of changes every day, which often puts a huge strain on IT resources and hampers businesses’ ability to achieve the agility and efficiency gains that virtualisation and the cloud can bring.
Even more worrying, the sheer volume of change, coupled with the growing complexity of their network set-up, means it’s extremely hard for firms to ensure that systems remain secure and compliant. A tweak to one part of their architecture can all too easily result in unforeseen changes occurring elsewhere that introduce new security holes, break compliance in some way or otherwise cause things to malfunction.
What about hybrid IT?
Many providers of cloud and virtualisation technologies point out that network management is actually far simpler when you use their systems. Because they are built “virtually” (i.e. in software), management can be fully centralised and automated. Indeed, many organisations are moving towards this world of “software-defined” datacentres and networks precisely because of the increased agility, flexibility and ease of management that it promises to deliver. VMware, for instance, proclaims that its NSX network virtualisation and security platform can protect software-defined datacentres without having to set up multiple firewalls and internal security checkpoints. The product includes a hypervisor-level firewall that examines all the traffic flowing through dispersed, virtualised networks and gives users a single, software-based control panel to make any changes needed.
While that’s all well and good if your IT is fully virtualised, this just isn’t the case for most organisations today. Companies typically use a mixture of virtualised systems, cloud services and legacy physical kit in a so-called “hybrid IT” environment. Their move towards the software-defined datacentre and software-defined networks is a gradual transition, so this hybrid environment is likely to remain the dominant model for some time yet. And, even when the transition to virtual is complete, a software-defined datacentre will always be running on top of a physical environment that will still need to be effectively secured.
Security Policy Orchestration
Clearly, if organisations want to achieve the full agility and efficiency benefits of virtualisation during this transitional period and beyond, they urgently require a way to automate and centralise network and policy management across their entire, and increasingly disparate, IT estate – both the virtual and physical parts. Fortunately, there is a solution: Security Policy Orchestration.
Security Policy Orchestration can hook into multiple network management and security systems, mapping out how they all interact and giving users a holistic view and a single point of control over both virtualised platforms like VMware and over physical networks and traditional security systems. These tools understand the organisation’s security and compliance policies, and can ensure every part of the architecture adheres to them, fully automating the task of configuring everything correctly.
This lifts the burden of constantly having to make manual changes to a multitude of different devices, giving IT departments the opportunity to re-deploy newly freed-up human resources into activities that add more value to the business. It also eliminates the constant worry that a misconfigured firewall, system, application or network could open up an organisation to security breaches, compliance failures or system downtime – any of which could result in serious reputational damage and/or financial loss.
But how easy is it for a typical organisation to implement Security Policy Orchestration? Generally, it’s best to take a phased approach. First you need to define the policies you need to enforce, as distinct from the technologies doing the enforcement. It is then relatively simple to connect your software to your infrastructure (both the physical and virtual parts), at which point the system will start passively analysing your set-up, giving you valuable insights and alerting you to potential issues – such as any parts of the system that have been misconfigured, or when a change to one part of the system causes a policy breach somewhere else.
Even bigger benefits flow, though, when you move into the second phase of Security Policy Orchestration deployment – full automation. Once you let the system proactively take control, when you action a change it will automatically make all the necessary configuration tweaks to connected physical and virtual equipment that are required to ensure the organisation still adheres to all of its security, risk and compliance policies.
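The first phase described above, a policy stated separately from the devices that enforce it plus a passive check that flags misconfigurations and breaching changes, can be sketched in a few lines of Python. This is an added example, not Tufin's software or code from the article; the zones, addresses, device names and rule model are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed network zones for a hybrid estate (assumed, not from the article).
ZONES = {
    "users": ip_network("10.40.0.0/24"),
    "dmz": ip_network("10.10.0.0/24"),
    "app": ip_network("10.20.0.0/24"),
    "db": ip_network("10.30.0.0/24"),
}

# The policy, written independently of any firewall product:
# (source zone, destination zone) -> TCP ports that may be open.
# Any zone pair or port not listed here is forbidden.
POLICY = {
    ("users", "dmz"): {443},
    ("dmz", "app"): {8443},
    ("app", "db"): {5432},
}


@dataclass(frozen=True)
class Rule:
    """One rule, normalised from whatever device actually holds it."""
    device: str    # enforcement point, e.g. a firewall name
    platform: str  # "physical" or "virtual"
    src: str       # source CIDR
    dst: str       # destination CIDR
    port: int
    action: str = "allow"


def violations(rules):
    """Return {(device, src_zone, dst_zone, port)} for every allow rule that
    could pass traffic the policy forbids. The check is conservative: it
    ignores rule order, so an allow shadowed by an earlier deny is reported."""
    found = set()
    for rule in rules:
        if rule.action != "allow":
            continue
        src, dst = ip_network(rule.src), ip_network(rule.dst)
        for s_name, s_net in ZONES.items():
            if not src.overlaps(s_net):
                continue
            for d_name, d_net in ZONES.items():
                if s_name == d_name or not dst.overlaps(d_net):
                    continue
                if rule.port not in POLICY.get((s_name, d_name), set()):
                    found.add((rule.device, s_name, d_name, rule.port))
    return found


def breaches_introduced(current, proposed):
    """Policy breaches that exist only once the proposed rule is added."""
    return sorted(violations(current + [proposed]) - violations(current))


# Constructed rule sets: one physical firewall and one virtual firewall.
BASELINE = [
    Rule("edge-fw-01", "physical", "10.40.0.0/24", "10.10.0.0/24", 443),
    Rule("edge-fw-01", "physical", "10.10.0.0/24", "10.20.0.0/24", 8443),
    Rule("edge-fw-01", "physical", "10.40.0.0/24", "10.30.0.0/24", 5432, "deny"),
    Rule("dc-dfw", "virtual", "10.20.0.0/24", "10.30.0.0/24", 5432),
]
# A forgotten rule on the physical firewall: users can reach app hosts on SSH.
LEGACY_SSH = Rule("edge-fw-01", "physical", "10.40.0.0/24", "10.20.0.0/24", 22)
# A change request written too broadly on the virtual firewall...
BROAD_CHANGE = Rule("dc-dfw", "virtual", "10.0.0.0/8", "10.30.0.0/24", 5432)
# ...and the same request scoped to part of the app zone.
SCOPED_CHANGE = Rule("dc-dfw", "virtual", "10.20.0.0/25", "10.30.0.0/24", 5432)

if __name__ == "__main__":
    print("existing misconfigurations:", violations(BASELINE + [LEGACY_SSH]))
    print("broad change would add:", breaches_introduced(BASELINE, BROAD_CHANGE))
    print("scoped change would add:", breaches_introduced(BASELINE, SCOPED_CHANGE))
```

The broad rule looks like a database change on one virtual firewall, yet it opens the database zone to the user and DMZ zones as well, which is the kind of side effect the passive phase is meant to surface before anything is pushed.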
Automation accelerates the process
As with all process changes or additions, a small investment of time and patience is required as the system matures and settles, but this is very quickly recouped once Security Policy Orchestration is fully up-and-running. Automation massively accelerates the speed at which an organisation is able to make network changes, as well as dramatically reducing its exposure to risk and freeing up even more IT resources. The additional agility and efficiency this enables gives an organisation a clear competitive edge over rivals that haven’t embraced Security Policy Orchestration, allowing it to innovate more quickly at lower cost, serve partners, staff and customers more effectively and thus capture more business in the markets it is targeting.
Ultimately, though, all organisations will have to embrace automation. When the legacy systems are finally decommissioned and “software-defined everything” becomes the norm – which won’t be that far into the future – all network and policy management (and much more besides) will be automated. The market is heading inexorably in that direction. This immutable fact only makes the case for deploying Security Policy Orchestration now even more compelling. After all, the organisations that get a head start today on what everyone will be doing tomorrow are far more likely to stay in the lead.
VitAL Management
The Internet of Things: The impact on enterprise networks
Research commissioned by Infoblox found that more than half of IT networks are already at capacity, leaving no room for the explosion of devices and data that the Internet of Things (IoT) will bring. Cricket Liu, chief infrastructure officer at Infoblox, explores the survey’s findings and their implications…
There has been no information technology development since the beginning of the Internet that has promised to revolutionise our lives as much as the Internet of Things, or IoT. The staggering scale of this development was recently illustrated in a report by Gartner, which predicted: “The installed base of ‘things’, excluding PCs, tablets and smartphones, will grow to 26 billion units in 2020, which is almost a 30-fold increase from 0.9 billion units in 2009.”
Unsurprisingly, there has been considerable discussion on the impact that the IoT will have on our lives. Most of us eagerly anticipate a time when a fridge will order milk when you’re running low; when a connected onesie will monitor your baby’s breathing and temperature; or when a car will tell you via your smart phone when to increase your tyre pressure. However, there has been less concern regarding how the IoT will be delivered. The IoT can only succeed if it is sufficiently supported by networks, and the network technologies and network managers on which they depend.
Infoblox recently commissioned an independent survey of 400 network professionals in the UK and US to investigate the impact this immense growth of connected devices will have on enterprise networks and their managers. The survey results revealed the majority of businesses have already begun developing an IoT infrastructure, with 78% of respondents reporting that they had already implemented connected office equipment on their network, such as badge readers, cash registers and vending machines. Another 73% reported having security “things” such as surveillance systems. However, there has been a far lower implementation of any infrastructure specifically to support IoT deployments. Almost two thirds of organisations (65%) are yet to invest in dedicated networks or management systems, which would be essential for successful IoT employment.
Choose your network wisely
Without a network infrastructure dedicated to Internet of Things devices, most organisations are assigning their “things” to existing networks. Developing a separate logical or physical network for connected “things” seems low priority, with just under a third of the organisations surveyed (30%) planning to create one to accommodate these new devices. Almost half (46%) simply plan to attach the devices to their corporate network.
Recent panel discussions with Infoblox customers revealed that one way many organisations plan to accommodate connected IoT devices is by dumping them on existing guest wireless networks. However, whilst this response provides the Internet access required by many “things”, it will often not allow the devices to access internal resources, such as Domain Controllers, database servers and file servers, which they may need. Furthermore, these networks provide insufficient support for certain categories of IoT devices, with many offering unpredictable performance, no prioritisation of traffic, and very little or no authentication.
However, this treatment of IoT devices is largely a result of insufficient capacity: more than half of current enterprise networks surveyed (57%) are already at full capacity. This concerning statistic has not gone unnoticed, with 54% of administrators claiming that management of their network infrastructure is considered a high priority for their business. Where network capacity is a problem, network administrators must manage their IoT devices on a “thing”-by-“thing” basis. Each type of IoT device has various network requirements that must be considered when connecting it to a network.
Concerns to address
These various requirements seem only to have been noted by the IT department. Many IoT devices are reportedly being “thrown over the wall” for deployment following another business unit making an independent purchasing decision. As many as 60% of network administrators reported that they had been brought in to support IoT device deployment after another department in the organisation had acquired them.
The current popularity and hype surrounding IoT devices, coupled with the distinct lack of information regarding the means of deploying such devices on a network, has resulted in an ignorance of the challenges that this poses to network administrators. 63% of respondents claimed the department that purchased the devices had not anticipated the challenges involved in the deployment.
A number of these challenges may be due to poor coordination between business departments and enterprise IT staff. Some devices are designed to be used by consumers, so they lack tools and features that enable them to be used for business purposes. Others are, simply put, poorly designed. Those which can be deployed across an enterprise network may then still pose problems. Devices without a user interface are difficult to configure, creating further work for network administrators. This may then extend to upgrades, requiring network administrators to micro-manage the devices throughout their lifespan.
The limited capabilities of many IoT devices provide new security vulnerabilities to consider. A lack of strong mechanisms for authentication on many devices leaves network administrators with weak alternatives at best. This presents new problems to organisations trying to ensure secure access to their network from these connected devices. Providing data security is paramount for businesses, with hacks and data breaches turning up in the news almost every week. CIOs and CEOs alike must pay more attention to the concern expressed by almost two thirds of respondents (63%) regarding the potential security challenges represented by their organisation’s IoT deployments.
The security challenge is further amplified as more than half (56%) of IT managers expressed concern regarding their ability to control where IoT deployments were taking place across their business. Only 45% of respondents were confident that they received sufficient information to allow them to manage the deployments ordered by business units such as operations, sales or marketing.
Coordination is the key to success
Network managers need to ensure that they are involved with any discussions surrounding the procurement and deployment of new IoT devices long before any purchasing decisions are made. Business units within an enterprise must be made aware that consultation with the network team is essential if they want their IoT devices to meet expectations and to have access to all the information they require. All purchased devices must reflect an established network access policy for connected “things”, in order to preserve network security and make the most efficient use of available network resources.
Businesses who plan to invest in IoT deployment need to ensure they are putting necessary systems in place to prevent network teams from becoming overwhelmed. Network control and automation systems should be explored as a means of tackling the increase in time-consuming manual tasks such as IP-address management. The introduction of such a large number of connected devices will significantly increase the number of IP addresses. 81% of respondents believed that supporting the IoT will necessitate an expansion of a company’s IPv6 deployment. To avoid any delays and issues caused by the current global shortage of IPv4 addresses, IPv6 deployment needs to be a priority.
The Internet of Things promises to be a fascinating development in information technology, and the way technology is used in an enterprise. Implementing the Internet of Things on enterprise networks will be a challenge that must be addressed by the entire company. With planning and greater cross-department communication, the series of potential challenges and frustrations can be explored and addressed, and IoT can become an enterprise reality.
How to align IT with business strategy
Ram Vaidyanathan, of ManageEngine, offers top tips on how to align IT with business strategies…
The role of the IT department has never been more paramount in today’s digital age. Not only can IT departments save organisations thousands of pounds by mitigating security risks daily, they can also underpin a whole business strategy. With IT at the core of business demands, organisations of all sizes can truly know the demands of their customers and power ahead of the competition. Below are some top tips on how to effectively align IT with your business objectives:
1. Having a dynamic CIO is crucial: Organisations that have a CIO who collaborates with top executives will be on the front foot. A CIO who analyses market data and trends, and strategises for the future, can drive forward any business agenda. The CIO must invest in the right technologies to power companies to succeed in the marketplace. This will help transform the way a company does business.
2. Relay the IT story: Something as simple as sending a monthly newsletter that lets the entire business know how IT is impacting them can do wonders. This will ensure that IT is correctly perceived as the lifeblood of the company. Gradually, IT will be able to build stronger relationships with other functions. Throughout the process, the IT team will be motivated to work harder.
3. Creating brand equity through technology: The IT team should be in a position to deliver on its promises, so that customer loyalty is not lost. The IT catalogue must be developed with brand equity in mind. Furthermore, the IT team must always strive to work towards customer goals.
4. Improve productivity with mobile: Bring Your Own Device (BYOD) initiatives can be a powerful working tool. In the US, UK and Germany specifically, BYOD accounts for 21% of productivity gains in an organisation. For the IT department, deciding which employees get mobile access, what data they can access, and what type of devices can be used for access, is crucial from the perspective of security and asset management.
5. Use big data to drill down into detail: The right data analytics tool can make the world of difference. Big data analytics can uncover specific customer details, allowing for greater connectivity with each customer. Using big data to reveal business insights is the key to increasing operating margins within a company.
6. Focus on the cloud: Netflix is a prime example of a large organisation using the cloud, so it can exclusively focus on content. Superior content is one of the main reasons Netflix accounts for 33% of all prime-time web traffic in North America. While public cloud is simple and low-cost, it may also be less secure. A private cloud, on the other hand, offers greater security and compliance. It is, however, more expensive. A small- to medium-sized business may opt for the public cloud’s pay-as-you-go flexibility, whereas a larger organisation may prefer the private cloud with its increased security measures. A hybrid cloud can also be implemented, to hold both sensitive and non-sensitive information.
7. Show the ROI: The costs and benefits of IT projects must be quantified, and a business case needs to be presented before getting the green light for the investment. The indirect gains due to increases in employee productivity, collaboration and customer satisfaction must also be taken into account when calculating ROI.
8. Move fast: IT projects need to be driven forward fast to create positive business impact in the shortest possible time. A business can also gain a competitive edge from adopting technology early, and measuring project deadlines in days, not months.
9. Eliminate the need for shadow IT: While shadow IT (the use of software apps and devices that have not been officially sanctioned by the business) can lead to short-term gains for the departments that use them, it can also lead to inefficiencies, security risks and wasted time.
A fully integrated IT system enables different departments to collaborate on a common platform and work towards achieving business goals. IT teams will need to be one step ahead of business demands to beat the competition in today’s market, and need to know the demands of their customers at all times. By creating a clear IT roadmap and working closely with the business to drive top-level goals forward, IT can be seen as a strategic enabler, helping to deliver business success.
Does your website meet the legal requirements?
Whilst technology has allowed even the smallest business to enhance the appearance and functionality of their website, the need to comply with the legal requirements set out under UK and EU law appears to have passed many by. Nichola Jenkins, a solicitor in the Intellectual Property and Technology team at SGH Martineau, discusses this growing area of concern with VitAL Magazine…
So much effort is put into the development of websites, ensuring they are innovative, eye-catching and designed to improve engagement with the target audience, hopefully building long-term relationships. But, in the rush to create an engaging corporate website, the need to meet minimum legal standards has been overlooked. Whether they are unaware of the minimum legal requirements or believe, mistakenly, that the rules only apply to e-commerce sites and those sites selling to consumers, there are too many UK business websites that do not comply with the current regulations.
The rules are straightforward and there really is no excuse for non-compliance. All UK registered businesses must display on their website their full registered name, place of registration, registered number, registered office address and the details of any regulator should they undertake regulated activities. The website must also show the VAT number of any registered business and, if a business is being wound up, that must also be made clear on the site. Websites of sole traders or partnerships should display the address of the principal place of business and, additionally, companies who use their website to sell products, services or digital content must provide detailed information about the offering and right to cancel.
Cookies
Whilst everyone knows a cookie is a file that allows a website to recognise and profile its visitors, there are some that have missed the fact the rules governing their use changed in 2011 and website visitors must now consent to their use. Although there are certain cookies deemed “strictly necessary”, which do not require the user’s consent (such as those used in relation to shopping baskets for online purchasing), the safest approach is to assume permission is needed to use all cookies on the website, even if it is to just count visitors to it or support the use of Google Analytics.
If websites continue to take liberties with cookies, there is a real danger growing numbers of users will choose to block all cookies in their browsers, which could require many sites to be re-designed to work without cookies. This can be very expensive and a better solution is to be honest and explain what cookies are being used, what information is being gathered and how that information will be used. The user can then make an informed choice as to whether to accept the cookies or change their browser settings. UK regulations on this are interpreted differently to the rest of the EU, which can create problems if a business website is accessed from abroad.
Information
Compliance problems invariably arise around the collection, storage and use of personal data, including the sharing or selling-on of this information. If a website is designed to obtain visitors’ personal contact information for future marketing purposes, then care must be taken. Although there is no issue with emailing individuals at a later date, the communication must be in relation to the individual’s original enquiry or transaction. Even then, they must be given a way to unsubscribe from future communications and be taken off any list holding their contact details, if they choose.
However, if a business wants to email individuals with general marketing information, unrelated to their original query, they must obtain the express “opt-in” consent of that individual. This is often done by providing tick boxes, but it is essential these are not pre-ticked – doing so puts a business at risk of enforcement action. Whilst these rules only apply currently to individuals (and strangely, partnerships, but not LLPs) and not corporate visitors to a website, businesses should still exercise caution, as many corporate visitors to a site might use personal email addresses to receive information, which would be covered by the stricter regulations governing personal contact details. Finally, it is worth noting that when a visitor to a website provides address details and a phone number, the website operator is able to contact them for marketing purposes, unless and until the individual tells them not to.
Privacy Policy
When a business collects personal data and decides to use that information, the business in effect becomes a data controller and must tell everyone what the business will be doing with the information. This should all be contained in a Privacy Policy.
This policy should be easy to find on the website and contain a method for contacting the data controller. The ICO, the body responsible for data protection in the UK, recommends a tiered approach to the Privacy Policy, with the basic information readily available, with further details available via clickable links or on request. New rules currently under consideration, surrounding tighter data protection laws, are expected early next year, with stricter consent requirements likely; failure to comply could result in stronger enforcement action and potentially large fines.
Terms and Conditions
Although not a legal requirement, a good set of Terms and Conditions on a website can head off a lot of problems. Terms and Conditions are designed to protect a business and should clearly state what the business does and what Intellectual Property (IP) it owns on its website. The terms should also include a Disclaimer of Liability, which warns visitors to the site that any information provided, although accurate to the best knowledge of the website operator, should not be relied upon as being factually correct.
Allowing “user generated content” (UGC) onto websites is a growth area, particularly where blogs, forums or discussions on sites allow user replies, comments, reviews, etc, to be posted, in the hope of improving engagement with the visitors. It is essential that any site allowing visitors to add content has an Acceptable Use Policy to protect the business from any illegal or offensive material being posted. In effect, the Policy creates a contract between the site owner and the visitor; if they do something against the Policy, they have breached the contract and the business can take the appropriate action. This may involve removing posts, banning individuals from the site or even reporting the activity to the authorities if deemed serious enough, but without the policy in place, the business could also be in trouble.
The various “terms” outlined above, however, should not be confused with Terms of Supply, which are a legal necessity for any business selling goods or services directly to consumers or corporate customers through their website. These Terms of Supply should include information and instructions about payment, delivery, refunds and complaints, together with any limit of liability and consumer protection – a detailed explanation would take more room than we have here. The growing trend for Software as a Service (SaaS) also requires the seller’s site to have Terms of Service available for visitors to read.
Although the regulations sound tough, the simple answer is for every UK business to check its site carefully and ensure it complies; failure to do so might be costly. And if any doubt exists, consult a lawyer who knows this area of the law, then keep your eyes and ears open for future changes in the rules – ignorance is no defence.
IT Service Management
Expertise is better shared
TOPdesk consultant team leader, Jordi Recasens discusses shared service management…
A quick glance at the last few years’ trends shows us how the largest supporting departments within organisations are working to become more professional when it comes to service management. This typically focuses on delivering better quality for lower prices. IT integrates new technologies and management models to make services easier to manage and faster to change; facilities departments have been professionalising services using a facility management information system for a while, and, in recent years, HR has switched to eHRM.
It is notable that these individual departments are primarily acting on their own initiative. Users are now accustomed to a fast, central and even cost-free way of having their questions answered. However, supporting departments frequently focus only internally, with their own frameworks, standards and methods (ITIL, ISO, NEN, etc.), while knowledge platforms, shows and magazines all focus on a specific audience.
Shared Service Management (SSM) is a new strategic trend: supporting departments are joining forces to improve the quality of services while cutting costs. It is important to acknowledge the strength of each department while searching for the areas where the services overlap and can be improved.
The SSM growth model has been developed to help organisations achieve shared services. This growth model, based on experiences in the field, comprises four phases that can be seen as maturity phases within SSM. The way these steps are ordered creates a logical, step-by-step change process, with each phase focusing on one of three areas: tool, organisation or process management.
Phase 0: Nothing shared
Each department uses its own tools to support its processes. This can be anything from a professional service management tool to sticky notes. The processes are not coordinated and vary greatly in terms of maturity. Employees focus on their own department. This phase’s greatest challenge is to share information streams with other departments when necessary.
Phase 1: Shared tool
A shared service management tool is used to improve the information stream. This results in considerable savings when it comes to licence costs and management. The various departments still use their own work methods, based on their own culture. Nevertheless, agreements must be made about the tool’s terminology and set-up.
Phase 2: Shared service desk
The end-user can now bring all requests to a single digital and/or physical desk. With the exception of agreements about how calls are registered and routed, each department processes calls in its own way. But this does lead to a considerable improvement in quality for the end-user, as well as reduced costs resulting from sharing resources at the service desk.
Phase 3: Shared processes
The processes and procedures that require the departments to work together, or feature a considerable overlap in activities, are designed in collaboration. Call management and employee changes are the most obvious examples with which to start. This will happen gradually, and will not be equally relevant for all processes. After implementing this new shared process, the process management must also be centrally sourced.
The right ambition
As long as IT managers are only focusing on saving money, organisations will not progress much further than Phase 2. Optimal results can only be achieved when managers also focus on the quality of services (regardless of the phase). If you wish to achieve this, the ambition must always be to meet the growing demands of the business by combining the strengths of the supporting departments – but saving a lot of money while doing so.
Breakthrough Technology
3D-printed rocket is out of this world
VitAL Magazine reports on a new project by a British team whose mission is to launch the first ever, 3D-printed rocket into space…
The Low Orbit Helium Assisted Navigator (LOHAN) Mission is an audacious plan to launch a 3D-printed, rocket-powered spaceplane into the stratosphere at three times the cruising altitude of a transatlantic jet. EXASOL AG, the provider of EXASolution, the world’s most powerful engine for analytics and data warehousing according to the company, is the lead sponsor of the project.
The Vulture 2 will rise to an estimated launch altitude of 20,000m under a carbon fibre launch structure lifted by a helium-filled meteorological balloon. Once the rocket motor fires – courtesy of a custom-built electronic igniter board – the aircraft will soar to a heady 25,000m, then the Vulture 2 will glide back to earth under autopilot control.
With the help of EXASOL’s sponsorship, the British team – headed up by The Register’s Special Projects Bureau – will launch what is arguably the world’s most advanced amateur UAV (unmanned aerial vehicle, also known as a stratospheric drone) at the home of Virgin Galactic – Spaceport America, New Mexico, by the end of 2014.
The Vulture 2 was designed by post-graduate aeronautical design students at The University of Southampton and produced with industrial-scale 3D-printing equipment. The avionics are an advanced mix of 3D Robotics autopilot and British-built Raspberry Pi. Between them, they will use GPS, airspeed and other telemetry to navigate the Vulture 2 back to a predetermined landing site. Cameras will record the entire flight from ascent, through to blast-off, and on to landing. Lester Haines, Head of the Register’s Special Projects Bureau, and holder of the Guinness World Record for the highest launch of a paper aeroplane, said, “Without doubt, this is the most complicated amateur high-altitude mission ever undertaken. We’ve spent four years, thousands of hours and quite a bit of cash overcoming numerous technical challenges, and we’re delighted that EXASOL has come on board for the grand finale. We don’t know quite what will happen when the big day arrives, but one thing’s for sure – it’s going to be quite a show.”
Published by THIRTYONE
www.31media.co.uk