Category Archives: Tech Thought Leadership

Written by Paul Stark, General Manager of OnBoard

It may come as a surprise, but boardrooms and board members can be the most hesitant when it comes to adopting and embracing new technologies. Indeed, for some boardrooms, implementing Zoom was their first and only foray into cloud technology. Driven by the pandemic, most boardrooms have had to digitise to some degree, to adapt to the new ways of working that nearly all of us all now operate in. But there is no time for boards to rest on their laurels any longer, for a new evolution of the boardroom is coming – the evolution of data.

Data will become the foundation of how a board operates, from organising proceedings pre-meeting, creating an effective and efficient meeting, to ensuring follow-ups and actions are carried out smoothly post-meeting. But data won’t simply be relied upon to make meetings more efficient – data insights will propel boardrooms into a new era of evaluation and measurement.

Data can ultimately convert information into actionable insights, to make boardrooms more effective. For example, data can inform a chair of a board as to how engaged board members actually are, or how the meeting’s efficiency can be improved. Making the shift from simply adopting cloud technology to embracing actionable data is the next step for boardrooms to take.

Below are four key ways in which data will transform the workings of boardrooms.

Data-driven agendas

Many boards huddle after a meeting has taken place, and discuss anecdotally how they felt that meeting went and what the discussion highlights were. Traditionally, these discussions ended there but, with technology, this feedback can be collated online and turned into actionable insights, so that the next board meeting reflects what the participants are expecting and agenda items are in sync with what they want to talk about.

Data can also enhance a meeting before it’s even begun. For instance, technology and board portals can allow for materials to be read and commented on, online, before the meeting – therefore, giving those planning and chairing the meeting an oversight into what needs to be discussed at that board meeting. In some cases, this has led to agendas being completely re-written or re-ordered, to be more in tune with the discussion points people actually want to discuss – leading to a far more engaged board. There is a shift happening right now in making boards more forward-thinking.

Ongoing feedback and assessments

As board meetings become increasingly digital, the more data there is to harvest from them. And with data analytical tools, board meetings themselves can be rated and valued for future improvements. In some cases already, board members can go online and give a recently attended board meeting a rating, out of five or 10 for example, and give their feedback as to how it can be improved.

Over time, once patterns have been formed, data analytics can determine what works well for each board in different sectors, be it financial, healthcare or technology. Making these insights readily available goes some way in ensuring board meetings are run at optimum efficiencies and engagement is high.

Intelligent forward planning

Forward planning will become far more advanced and widespread in boardrooms.

For example, online portals can alert a CEO, or someone holding a similar position, as to which board members are reaching retirement age for example, and what their unique skill set is that will subsequently need to be filled once they have retired. With this information, boards can put the upcoming vacancy to market, ensuring there is no skills gap and the transition of replacing a soon-to-be departing member is a smooth one.

Such enhancement of cloud and data technology is removing the need for humans to carry out these processes, and empowering board members to perform roles that add value.

Data-led decision-making

Implementing data analytics to gain a full view of the company can highlight specific areas that require immediate attention, which can deliver measurable results – for instance, helping management teams see how to direct budgets into new investments where they will deliver the best ROI.

Further, AI-powered predictive analytics can be a game-changer in identifying and preventing potential risks before they happen, optimising cybersecurity or fraud prevention – a growing concern and priority across financial markets.

The potential benefits of a data-centric business model range from boosting operational and cost efficiency and revenues, to informing hiring strategy, customer engagement, risk management, governance, reporting, lending decisions and forecasting.

It can also open up access to more exciting developments, such as quickly spotting opportunities and gaps and acting on them, targeting new market segments, making timely product enhancements, plus directing leaders’ attention to synergistic cross-selling, partnership and acquisition possibilities.

The data evolution in the boardroom is upon us, accelerated somewhat by the pandemic which forced all boardrooms to innovate further and at a fast rate. Now, boardroom efficiency is being transformed thanks to technology and online tools and portals – readily available digital is not only speeding up processes, but allowing boards to become more forward-thinking and plan better for the future.

A data enabled boardroom is the next evolutionary step for boards everywhere.

News, Tech, Tech Thought Leadership

External file transfers – do they need to be risky business?

December 6, 2021 Lisa Baker, Editor, UK Business News

Written by Nicole Lin, MD of Synology UK

Hybrid working, although a recently evolved model of working, is here to stay for the foreseeable future. And, whilst some business owners debate the longevity of this model it does make sense for SMEs to ensure their cyber security processes are suitable for this new way of working. There are many benefits to hybrid working which smaller businesses are best placed to capitalise on, but there is also an increase in risk too.

Whilst setting-up and maintaining secure IT systems should be straight forward for SMEs, the plethora of options combined with the exponential rate of growth in IT services has made this a minefield for many business owners. Everyday tasks, such as sending files to external partners, suppliers, and clients should be simple and yet too often this is where many firms fail at the first hurdle.

We know that external file transfers create a security challenge, but the movement of sensitive data to external end users is also a core operational process for every business, including SMEs. So how can SMEs minimise risks when it comes to file transfers?

Today there are several on-premises storage solutions already in place including Synology’s C2 Transfer, which were created to empower businesses and home-users to solve their data management challenges. These challenges typically involve connecting remote teams, enabling file sharing and collaboration between people.

But until recently the last part of the puzzle had not been fully addressed for SMEs. Namely, how can teams securely send out important and potentially sensitive files to clients, partners, and suppliers without exposing the business to risk?

Identity verification and end-to-end encryption

We know that most file collaboration solutions, including cloud or on-premises solutions, protect data through permission management and audits of individual account activity. However, deliverables still have to be sent to external parties that do not have accounts.

In an ideal world for SMEs, the transfer of sensitive data should remain simple for all parties involved whilst ensuring that files are always delivered to the right person, even if a link is accidentally published or shared with the wrong person. The approach we recommend to ensure files are transferred safely is, to verify identities by sending a one-time password (OTP) to a sender-specified address or phone number to ensure that only the intended recipient can access the files.

Business interruption caused by supply chain issues has recently hit the headlines again, yet cyber security, IT failure and data breaches still remain a top concern in 2021 for UK small businesses according to the Allianz Risk Barometer.¹ The pandemic fundamentally changed the working model for many organisations and this fuelled concerns around cyber security for a variety of reasons. It’s important to remember that businesses, especially SMEs who have the ability to be agile and respond quickly to change, can help employees to reduce the likelihood of cyber-attacks, data breaches and IT failure.

Five key areas for UK SMEs to address are: –

Adopt and deploy identity verification and end-to-end encryption when transferring files to clients, partners, and suppliers to reduce risk to the business
Encourage the use of strong passwords, and have a clear and robust process for reporting a security breach
Enable two-factor authentication methods and the use of one-time passwords (OTPs) to ensure only the idented recipients have access to data you share outside the company
Ensure security settings such as watermarks and number of downloads before link expiration are enabled to be able to audit and track when security breaches occur
Roll-out a training and awareness programme to all staff so that they fully understand best practice when it comes to preventing cyber-attacks, data breaches and IT failure.

As we emerge into new business models and ways of working in a post Covid world, understand and managing risk within a business remains important. Whilst risk management has always been an element of running a successful SME, the landscape of risk has fundamentally changed.

Understanding what this new landscape looks like, as well as the solutions available to small businesses in the UK will help business owners and senior leadership teams to navigate a safe way through. It is unlikely that we can eliminate all risk to business, but what we can do is equip you with the knowledge to prevent and significantly reduce risk.

Broadband, Networks, Tech Thought Leadership, Telecoms

Overcoming the Challenges of IPv4 Exhaustion

November 29, 2021 Lisa Baker, Editor, UK Business News

Written by Adrian Taylor, Regional VP at A10 Networks

As hundreds of regional communications service providers rush to deploy broadband and add thousands of new subscribers to their networks, they face a long list of tasks and budget items to be addressed. Most of the budget and buildout schedule will focus on the physical deployment of the fibre (FTTH) or wireless access. However, back in the core network, one of the important decisions—and one that needs to be made early in the planning process for a network buildout or expansion—is how to approach IP connectivity.

Given the exhaustion of IPv4 addresses, and the cost and complexity of migrating from IPv4 to IPv6, operators need to think carefully about how they will provide an IP address for every customer. After all, a network won’t run without IP connectivity.

This isn’t just a technical decision. The choices made now can make a 15% difference in annual operating expense, with a direct impact on how effectively the business will be able to grow and scale over time. In this blog, we’ll discuss the issues and options around IPv4 exhaustion, including whether to acquire additional IPv4 addresses, the feasibility of migrating to IPv6, and how operators can address the co-existence of IPv4 and IPv6 within their existing network infrastructure.

Why IPv4 Exhaustion Is an Issue

In a sense, IPv4 exhaustion results from the internet being too popular for its own good. When the IETF introduced the standard in 1981, the more than 4 billion addresses it encompassed seemed more than ample. Within a decade, though, it had become apparent that far more would be needed. IPv6, a successor specification introduced in 1998 and ratified as a standard in 2017, can accommodate virtually unlimited IP connectivity.

However, making the transition from IPv4 to IPv6 has proved anything but simple. Due to a lack of backward compatibility, IPv6 compatibility is required across every element of communication: devices, networks, and content. With IPv6 adoption uneven in all these elements, communication service providers must continue to support customers’ connectivity to IPV4 resources regardless of their plans for migrating their own infrastructure to IPv6.

As they face this complex situation, operators have three basic choices. They can seek to acquire IPv4 addresses to expand their existing pool. They can try to accelerate their IPv4 to IPv6 infrastructure conversion while applying a transition technology to address uneven adoption. Or they can extend their existing IPv4 investment while planning for migrating to IPv6.

What IPv4 Exhaustion Means for Rural Broadband Providers

Many regional or rural broadband communications service providers have built their networks on IPv4, simply dedicating a public IP to each subscriber or household served. Now, as these operators expand their coverage to previously unserved areas, acquire new subscribers through acquisition, or respond to increased demand for upgraded broadband access from existing subscribers, they are finding that their allocation of IPv4 addresses will soon be inadequate. And the faster their subscriber base grows, the larger and more urgent their IPv4 exhaustion challenge becomes.

Deciding Whether to Acquire Additional IPv4 Address Space

As communications service providers consider their options for IP connectivity, they need to consider the long-term growth of their subscriber base and its economic implications. This is especially true if they choose to buy IPv4 address blocks—an approach that can quickly become expensive.

In some ways, it’s not true that we have run out of IPv4 addresses; in fact, there are IPv4 addresses available to be acquired, mostly through third-party brokers. Technically, IPv4 addresses are not bought or sold, they are acquired from a third party (usually at an auction price), then assignment is transferred through a regional internet registry (RIR). However, they’re not cheap, and their quality can be questionable. Since 2015, when IPv4 addresses could be acquire for about £4 each, the price has skyrocketed 5X. On today’s open market, IPv4 addresses cost up to £23 each, or £231,000 to support 10,000 subscribers. With an annual growth rate of 23% over the past three years, this price could nearly double by 2023 to almost £43 per address, or £434,000to support 10,000 subscribers.

Even at the current price, £231,000is a lot for a fast-growing communication service provider to spend on IP connectivity. Consider that the capital budget for a fibre-to-the-home (FTTH) location is roughly £1300, the operator could build out 178 more locations for the same amount of money—and accommodate that many more subscribers.

Alternatively, the regular addition of IPv4 addresses as subscribers are added over time can add nearly 15% to operating expense. The Fiber Broadband Association has estimated that the average operating expense for FTTH is £38 per subscriber, per year. Assuming an average of £22 – 38 per subscriber to buy IPv4 address space, and spreading this cost over five years, operators face an additional expense of nearly eight dollars per subscriber, per year—almost a 15% increase over the base operating expense.

What about Migrating from IPv4 to IPv6?

While migrating to IPv6 will likely be inevitable in the years to come, for large enterprise and regional SPs with extensive legacy infrastructure, full conversion from IPv4 to IPv6 is often not practical in the short term. This is a long, costly, and complex process that can involve inventorying and evaluating all existing network elements and devices; reconfiguring routers; changing out incompatible customer premises equipment (CPE); and managing customer communication. There are ample opportunities for things to go wrong along the way, bringing the requirement for extensive testing and troubleshooting to reduce risk.

Extending IPv4 blocks with CGNAT

Given the problems posed by either buying IPv4 addresses or attempting a full IPv6 migration, many rural and regional broadband providers are turning to the third option: extending their existing IPv4 investment while preparing for migrating to IPv6. This approach hinges on carrier-grade NAT (CGNAT), a technology that makes it possible for one public IP address to be shared across multiple subscribers, most commonly at a ratio of 32:1 or 64:1.

Developed specifically to address IPv4 exhaustion, CGNAT helps service providers extend the life of existing IPv4 network infrastructure without the need for acquiring additional IPv4 addresses. CGNAT, combined with one of the many available transition technologies, can help operators make a simultaneous and seamless IPv6 migration.

AI, Tech, Tech Thought Leadership

How is Speech Recognition and AI Fighting Fraud?

November 29, 2021 Lisa Baker, Editor, UK Business News

Speech Recognition and AI are providing new, effective technologies to drive better fraud prevention. While fraudsters are quickly developing new techniques to remain undetected, AI can evolve and adapt to these changes, providing more reliable protection. Companies have already started investing in AI technology in force, with 31% of CIOs reporting having already implemented AI, and 23% expressing the intent to deploy the technology in the next year.

How does voice recognition and AI work to combat fraud?

Machine learning is vital to anti-fraud AI systems – it is the process that enables algorithms and analysis to adapt to evolving fraudulent techniques. Through the application of data from previous interactions, machine learning operates different algorithms and processes to improve the technology’s functional capabilities over time with limited human involvement. Data that was previously difficult to understand or apply to anti-fraud measures can be effectively repurposed, allowing for various indicators of fraud to be detected. For example, checking for consistency in the details of a claim, discovering social connections between claimants and witnesses (through social media connections), and detecting more complex behavioural indicators.

Other AI such as Conversational AI, Natural Language Processing (NLP), and Automatic Speech Recognition (ASR) are used to build on and augment machine learning models. Conversational AI facilitates automated, voice-enabled applications allowing more efficient technology-to-human communication. NLP bridges the gap between machine learning and the rules of human language, allowing the processing of sentiment and intent behind human interactions, and ASR allows for the translation of speech into different formats, assisting with the recording and processing of data.

The collaboration of these systems – combined with the efficiency of machine learning – enables a more comprehensive detection and prevention system against fraud.

What can these AI systems detect and analyse?

Modern AI systems have the ability to detect various speech, language, and behavioural traits during customer-facing interactions. Features such as indirect language, hedging, delaying, and frequent pausing have been traditionally associated with fraudulent calls, and can be detected via the use of AI analysis. AI will also detect abnormally high emotive indicators or exaggeration in fraudulent calls.

However, it is important to remain aware of the rapid evolution of fraudulent strategy. Organised fraudulent operations will always be seeking new ways to avoid detection and are swiftly adopting new technologies that assist them in bypassing voice recognition measures. Currently, biometric voiceprints can be taken of fraudulent callers, meaning that if they call again assuming another identity, they can be stopped. To combat this measure, fraudsters have been utilising “deepfake” technology, which can mask their voice in real time, creating a new biometric voiceprint. It is vital that businesses have the latest anti-fraud technology at their disposal to adapt to these new techniques.

How does the use of AI extend beyond fraud detection?

The capabilities of AI are constantly expanding. Sentiment and emotion analysis provide some of the newest developments to AI technology, allowing AI to detect and interpret the tone and sentiment in customer interactions, providing new insight into whether they are reacting positively or negatively to certain methods or communications. Information gathered about customer interaction, sentiment, and emotion can be a significant asset for businesses, providing the opportunity for evidence-based improvements to customer-facing operations.

Using wider behavioural analysis through AI is also an asset to the development of better safeguarding for vulnerable customers. Individuals who are identified as vulnerable – most commonly unemployed, young, or elderly adults – can be provided with the necessary attention and care, allowing employees to take the relevant measures to ensure their needs are met. Although some feel that the current shift into more developed voice analysis is intrusive, it allows companies to take better care over their customers, detecting potential vulnerabilities, and protecting those who are more susceptible to risk.

Nigel Cannings is the founder of Intelligent Voice, a company leading the international development of proactive compliance and technology solutions for various forms of media. His experience in both technology and law provides a unique insight into the future of these technologies and the legalities surrounding them.

Cybersecurity, News, Tech, Tech Thought Leadership

Surviving the Data Protection Horror Show

November 24, 2021 Lisa Baker, Editor, UK Business News

Whether you’re fending off Michael Myers or ransomware, common-sense solutions are often effective at keeping yourself and your critical data safe.

After a week spent polishing off leftover Halloween candy, binge-watching scary movies, and delaying the inevitable Holiday-season push, I had an odd thought: Protecting your data is a lot like protecting yourself in a horror film. The key ingredient is often just…common sense. Allow me to explain.

For example, if you ever find yourself in a horror movie and you hear a strange noise coming from the attic, don’t investigate. If you’re spending a night with friends at a cabin in the woods, never split up. If you think your house may be haunted, ditch the Ouija board and move. And, as Scream taught us, never, ever say, “I’ll be right back.” You won’t be. Common sense, right?

Nevertheless, countless unsuspecting horror movie victims fall into the same traps (tropes) year after year. They just can’t seem to help themselves. The beautiful minds over in the Geico marketing department nailed it: “If you’re in a horror movie, you make poor decisions.” But it doesn’t have to be this way.

The lesson here: instead of hiding behind those chainsaws, we simply need to jump in the running car and get the heck out of here!

Avoiding Common Cybersecurity Traps (Tropes)

The good news is, when it comes to protecting our data, we’re not living inside a horror movie (we might be living in a simulation, but that’s more Sci-Fi). The truth is, we aren’t unsuspecting victims, and we can help ourselves. The puzzling part is why so many of us don’t.

Recent iland research revealed that despite working diligently to evolve business needs and battle increasing threats to critical data like ransomware, disaster recovery solutions and testing remain somewhat of an afterthought for many organisations. The report, “When Plan B Goes Wrong: Avoiding the Pitfalls of DRaaS” surveyed 150 technical and business decision makers from organisations drawn from a wide cross-section of U.K. enterprises. The objectives were to establish what DR systems organisations currently have in place, how often plans are tested, and whether enterprises are confident in their ability to recover from disaster as swiftly and easily as possible. The results were akin to, well, a horror film — quite unsettling.

Despite two-thirds of those surveyed experiencing an outage within the last 12 months and half of those within 6 months, just over half had a documented, company-wide DR plan in place. Just over half of those surveyed were testing annually, some at even less frequent intervals. Six percent did not test their DR at all.

Like getting dropped off at Camp Crystal Lake or trying to outrun Michael Myers, that’s just downright frightening.

The number of data breaches this year has already exceeded the total for all of 2020, according to the Identity Theft Resource Center (ITRC). When it’s all said and done, 2021 will be a cybercrime record breaker. However, we also know that companies with a trusted backup and disaster recovery plan in place are far more likely to survive a ransomware attack.

So, what gives? It’s about time we make backup and DR just as mission-critical and common-sense as avoiding the attic or getting the heck out of dodge. Otherwise, we’re just tempting fate.

Keeping Your Critical Data Safe with iland

The increase in cybercrime frequency, sophistication, and impact means security must be a top priority for all our workloads. Luckily, security is a part of the iland origin story. As internal and external threats evolve, so too does our platform approach to protecting data. iland provides the highest levels of security capabilities and features available today, integrated with all services, and ready to adapt to your ever-increasing security requirements.

Security should never be an afterthought. Have flashlight batteries fully charged, trained support team at the ready, and a Ouija board out of sight.

For more information on how to protect your business and avoid making common-sense data protection mistakes, download our free research white paper, titled, “When Plan B Goes Wrong: Avoiding the Pitfalls with DRaaS.” Stay smart and stay safe out there.

Data & Analytics, News, Tech Thought Leadership

Ashley Kramer: Analytics in the age of application overload

October 27, 2021 Lisa Baker, Editor, UK Business News

The rise in remote work due to Covid-19 has also increased the number of business applications that business workers must use every day. Identify-management company Okta reports that the average customer in 2020 used 88 apps, with many customers reaching almost 200 apps. Gartner expects our reliance on workspace collaboration apps to increase in the coming years, becoming “virtual water coolers” for a distributed workforce.

Interestingly in the UK, reports show Apps by British publishers have an average of 172.47k downloads. Overall they get more downloads than the average of all apps which is 194.81k.

In such a world with so many apps vying for our attention, it’s critical that business workers focus on their workflows without distractions. This includes having to deviate to dedicated analytics apps or dozens of stand-alone dashboards just to answer a data-related question. Instead, people need answers to their questions in the apps they’re already using. Like in the consumer world, analytics should be like a spice, infusing insights into business users’ current workflows.

Imagine a CRM that shows a sales rep which customers to reach out to or which leads require follow-up. Even better, what if the CRM automatically notified a rep that they’re behind or ahead of their revenue targets? Both experiences lead to smarter business decisions and are made possible by analytics without the sales rep even knowing it.

When we view analytics this way, there are limitless other potential examples. Participants in Slack or Microsoft Teams can pull up relevant charts in the channels themselves without ever moving the discussion away from the chat. Executives can seamlessly insert insights and charts directly into presentations at the click of a button — no analyst needed. Developers can infuse custom applications with KPIs, usage analytics and other automatic recommendations.

In this type of world, business workers are in and out of their apps and barely aware that they’re using analytics at all. They’re simply getting the answers they need, making smarter decisions and moving on to the next task.

Simple insights, actionable decisions

The challenge is we continue to focus on technology to make analytics faster, more visual and accessible anywhere from any device, but we ignore that the everyday business professional isn’t interested in stand-alone analytics and dashboards. We can move dashboards to the cloud, we can animate charts and we can make it simple for anybody to query a database. The truth is that to the business user, most of that still sounds like a distraction.

What business users want are insights that will help them make smarter decisions. They would rather have answers where and when they think of a question, without having to leave their workflow and open yet another application. Analytics is the technology that can make that possible, but we must remind ourselves that analytics itself isn’t the point. Like the best technology, analytics is at its best when it becomes invisible.

Invisible Analytics: Consumer apps leading the way?

Today, very few of the most innovative consumer companies actually discuss data and analytics. This doesn’t mean analytics isn’t important; rather, these companies instead choose to show off the experiences that analytics can enable.

Music streaming services, for example, don’t advertise dashboards with our listening habits; they simply give us personalised insights and recommendations based on our listening history. They also do this automatically where and when we want the insights — in the app, and often the moment when we open it.

We can also look at mapping applications, which despite using data and AI, don’t ask us to sign in to a portal and study charts to optimise our travel times. Instead, they take our location, desired travel distance, and current and historical traffic patterns to alert us to leave so we make it to our destination on time.

Our fitness trackers do something similar; they use algorithms to alert us when we’re behind our average movement for the day while also suggesting activities to meet our fitness goals.

In short, consumer companies help everybody make smarter decisions and live healthier lives, and they do this without ever once mentioning terms like analytics, dashboards or self-service. The insights are simply there when we need them, where we need them, in the apps we’re already using.

Accessible data, invisible analytics

Building this dream world of analytics will require that we actually rethink our own focus on analytics. Like consumer companies, we need to remind ourselves that analytics itself is not the point. The goal is to help everybody in our businesses be smarter.

Technology is important, of course, and is how we will reach that goal. Recent advancements in AI mean we can scan and get insights from the largest of data warehouses in seconds. Data visualisation has made data more understandable. Moving to the cloud has enabled us to access data from anywhere in the world.

And today, we believe extensible frameworks means we can embed analytics into any app, infusing them with digestible insights and finally putting data into the hands of business users where they are now. “Let’s look at the data” will become a phrase of the past. The data will already be where business workers want it, when they want it, without them asking for it. They will have their insights, they will make the decisions they need and then they will move on.

Analytics will become invisible, and the everyday worker will become smarter without even knowing it.

About the Author

Ashley Kramer is the Chief Product & Marketing Officer for Sisense. She leads the company’s product and marketing organisations, setting product and go-to-market strategy and vision to drive the value of Sisense’s analytics platform.

Company Bio:

Sisense goes beyond traditional business intelligence by providing organizations with the ability to infuse analytics everywhere, embedded in both customer and employee applications and workflows. Sisense customers are breaking through the barriers of analytics adoption by going beyond the dashboard with Sisense Fusion – the highly customizable, AI-driven analytics cloud platform, that infuses intelligence at the right place and the right time, every time. More than 2,000 global companies rely on Sisense to innovate, disrupt markets and drive meaningful change in the world. Ranked as the No. 1 Business Intelligence company in terms of customer success, Sisense has also been named one of the Forbes’ Cloud 100, The World’s Best Cloud Companies, five years in a row. Visit us at www.sisense.com

News, Tech Thought Leadership

How multi-cloud application delivery is impacting ecommerce providers as they prepare for major growth

October 25, 2021 Lisa Baker, Editor, UK Business News

Written by Adrian Taylor, VP of EMEA at A10 Networks

Ecommerce continues to be one of the most fast-paced and competitive global industries, with industry-watchers estimating that online sales will constitute a fifth of all retail sales worldwide by the end of 2022. As vendors strive to capture their share of market growth, they need to offer exceptional customer experiences that build loyalty and repeat revenue. However, delivering omnichannel excellence puts considerable pressure on infrastructure as site traffic increases and consumer expectations rise.

At the same time, the sector is heavily targeted by cybercriminals seeking to disrupt, extort and damage online retail businesses. Consequently, striking a balance between operational efficiency, cost-control, security and customer satisfaction is a complex challenge.

To resolve the tension between availability, performance, efficiency and security, most ecommerce providers are accelerating their cloud transition programmes with many opting for a multi-cloud strategy. As they do so they are having to make complex technical decisions about application hosting, cloud resources and form factors for the multi-cloud environment. These decisions are driven by the changing landscape in which they are operating and the nature and intensity of the cyber threats they face.

A10 Networks polled ecommerce providers to uncover their key security and management concerns and challenges when adapting to multi-cloud and the findings were illuminating.

Security concerns: Brand and reputation are crown jewels for ecommerce companies

Ecommerce providers are acutely aware that trust is intrinsic to building customer loyalty. Anything that damages reputations and threatens customer confidence has a long-term impact on revenues. It’s not surprising, therefore, that cyber defacement and brand damage are top concerns for 62% and 49% of the businesses surveyed respectively. Linked to this is concern over user data theft and credit card theft, identified as a top concern by 52% and 36% of respondents.

Away from direct public-facing threats, more than one third of companies cited DDoS attacks as a key concern. This is not surprising, given the increase in DDoS attacks and the potential loss of revenue. The report indicated that some ecommerce providers are struggling to resolve this issue, with one in ten reporting that they had lost availability due to a DDoS attack. Given that this directly affects revenue generation, and creates a poor customer experience, organisations should focus on ensuring that their DDoS mitigation strategy and tools are effective.

Performance pitfalls: high traffic and security trade-offs are impacting uptime

On the performance side of the equation, 86% of the ecommerce businesses we surveyed reported a significant increase in traffic. This is undoubtedly a result of the pivot to online purchasing made by millions during the pandemic, but in an industry well-used to handling seasonal spikes it was surprising that businesses reported downtime caused by traffic spikes as a top issue in the past year. This is potentially related to the heavier performance demands from new technology standards, such as the encryption required by Perfect Forward Secrecy (PFS).

Another sign of the tension between performance and security is evident in the 12% of surveyed companies that had recorded slower traffic caused by security threat prevention or remediation. There clearly remains a trade-off between delivering a seamless, lightning-fast customer experience and ensuring that those customers are protected over the longer term.

Priorities have changed in a multi-cloud environment

Managing performance and mitigating security threats have a different complexion in a multi-cloud environment compared to traditional on-premises systems. Our research found that the complexity of multi-cloud IT has reshaped the priorities of IT leaders.

While traditional ecommerce priorities such as disaster recovery and the ability to scale to meet seasonal demand remain important, they have dropped down the list as the resource-intensive nature of multi-cloud management becomes apparent.

More than half of the ecommerce leaders we surveyed said management complexity and cross-cloud security were top challenges, while achieving visibility across cloud data centres was a problem for 44%. A similar proportion struggled to manage compliance and governance, and controlling costs was also an issue for 41%.

Consequently, ecommerce IT leaders are seeking solutions that provide control and visibility. 60% cited centralised management and analytics as a key requirement for successful multi-cloud adoption. Consistent application delivery and security came a close second, while 46% sought efficient automation.

Alongside these practical considerations, ecommerce IT leaders are keeping a close eye on cost control; 81% said cost savings were the primary motivation for investing in new technology. This underlines that the move to multi-cloud must not incur additional management costs.

Adopting a polynimbus approach

As ecommerce companies continue their journey to the cloud, there’s no doubt that focus is needed to resolve the identified challenges and ensure that they gain all the benefits of multi-cloud flexibility, without losing control and visibility over critical elements of the environment.

Here, a polynimbus approach to application delivery helps simplify management and automate operations in multi-cloud deployments. It also centralises security policy enforcement, helping organisations answer governance and compliance demands.

Implementing an application delivery controller (ADC) into a multi-cloud environment ensures that features, services and security are consistent across multiple cloud environments and means organisations can choose the cloud providers that deliver the specific tools and benefits they need, without adding to the management burden.

In turn, this means they can better protect against security threats and increase performance and availability to protect customers and brand reputation. This should be a priority as ecommerce companies prepare to capture their share of the retail market opportunity that lies ahead.

Cybersecurity, News, Tech Thought Leadership

Simplifying Security in a World of Accelerated Digital Transformation

September 29, 2021 Lisa Baker, Editor, UK Business News

Written by James Alliband, Security Strategist at VMware Carbon Black

In the current climate, maintaining business continuity has been a key priority for organisations worldwide. Likewise, re-evaluating security approaches has been crucial for survival, as COVID-19 forced businesses to make fundamental operational changes overnight to deploy a digitally dispersed workforce and migrate to private and public clouds. However, this rapid transformation has created multiple security challenges.

From accelerating threat prevention, detection, and response mechanisms, to unifying endpoint and workload security to simplify the environment, organisations globally have had to shift the balance from a reactive security posture to a position of strength. The demand for secure access to applications and data soared as we rapidly moved to a digitally distributed way of working and, as a result, 98% of C-suite professionals surveyed in the UK said the volume of attacks they faced had increased.

Defending a broader attack surface

As a result, cyber defences were placed under unimaginable strain. Security teams were tasked with handling hardware and software issues, managing remote devices, and allowing access to critical company resources, all while defending a much broader attack surface. With more employees working outside the traditional corporate environment, points of vulnerability became greater, providing an attractive space for bad actors to disrupt and extort enterprises. Attackers found new methods to penetrate defences and stay undetected. Some 88% of cybersecurity professionals reported increased phishing attacks relating to COVID-19, while new variants of ransomware were also released to stop companies in their tracks, as well as an influx of Denial of Service (DDoS) attacks.

Outside of navigating increased threats, organisations faced multiple new challenges, including managing security in a remote working environment and ensuring employee accessibility. To enable employees to remain productive, organisations had to provide continuous, secure access to applications across remote endpoints, all while tackling security awareness for employees working from home.

So, how have IT and security leaders across the world been dealing with these challenges? And how can organisations unify IT and security teams to alleviate this pressure going forward?

Many security teams have benefitted from moving back to the basics, simplifying and strengthening their security strategies.

Simplifying security strategies and going back to basics

To provide the flexibility and agility required in the modern environment, organisations had to build new elements into their security strategies, to fully leverage their infrastructure and control points while seamlessly securing data centres, clouds, and endpoints. Now, in this heightened threat environment, attackers have become too sophisticated in their methods to be averted by traditional endpoint security. Therefore, the more modern security technologies deployed, like Endpoint Detection and Response, which are internet or cloud native, were the ones that worked seamlessly as organisations pivoted to support a distributed workforce.

However, moving from in-office to remote working has required new security standpoints, and as a result, has forced businesses to move back to the fundamentals of security. Starting with internal accessibility, security teams had to start from ground zero and look strategically at their connections. For example, many organisations experienced a complete change in typical traffic volumes, with employees operating at different hours to suit their work-from-home lifestyles, which meant security teams had to rapidly alter their trigger points from a monitoring perspective.

Nonetheless, despite shifting security strategies, products cannot solve these problems in isolation. To alleviate the immense pressure of rapid adaptations, IT and security teams need to unite and work closer together. More than ever, businesses require an approach that makes security intrinsic and enables IT operations and security teams to integrate both strategically and tactically.

One obstacle which invariably challenges security teams is knowing who they should report to and how they can effectively collaborate with different teams, particularly IT. The challenge internally can be difficult, however some level of cross-pollination of employees across different teams can work well. For example, someone in security can work in an adjacent function of the business that they have expertise in. Building bridges with other departments and being able to talk to each other is always beneficial.

Journey toward cloud transformation and application modernisation

COVID-19 has radically changed the pace of innovation across many industries, with decisions like moving to cloud accelerating, after previous months and years of deliberation on infrastructure upgrades. However, such sudden transitions are not without complexity, with security teams having to adjust to the vast amounts of data now available.

Here it is important for organisations to start with this data and identify its meaning; getting more context is critical for enriched visibility into the network environment. Capturing more data allows more context, so teams should work on putting this in place where it is accessible. Then layer over the top the ability to drive down into the core data elements.

In an era of cloud applications and mobile users, organisations should prioritise their controls and rethink how they get that all-important visibility. While there is no magic wand to dissolve legacy technology, uniting teams will help to protect the business from threats – likewise prioritisation will help. By prioritising certain areas, security teams will be better positioned to overcome obstacles and navigate the current environment.

Here are four top tips that our CTO Scott Lundgren recently shared at our CISO roundtable:

1. Accelerate the work you’re doing around security tooling to enable both the security team and the engineering team with a single set of tools, tailored for each department. This can make everyone work together more simply.

2. Recognise the importance of basic cyber hygiene. Understand what is installed and what’s not, where devices are and where they’re not. It’s easier said than done, yet it is the foundation of any security strategy.

3. Get the required visibility into your systems. If you don’t have the right visibility, then you can’t even begin to have efficiency because you’re completely blind and chasing threats that don’t exist.

4. Understand the consequences of your decisions. We often talk about specific technologies and specific product capabilities and, while they’re important, if they don’t tie the whole system together, it doesn’t work. Also understanding what the big decision points are and the multiple consequences is important for the future of security.

In light of the new working environment, it is impossible for any organisation to say that they are truly secure. Here at VMware Security Business Unit we spend a lot of time trying to convince others that 100% security is not the goal, nor is it attainable. However, by putting the right foundations in place – including gaining visibility into the environment and shifting security to cloud - organisations can create a platform for success.

It is time to unify endpoint and workload security to simplify the environment and build security intrinsically across applications, clouds, and devices. This will bring together IT operations and security teams to tackle new threats and eliminate blind spots to deliver better visibility and proactively address vulnerabilities before they become breaches or attacks, shifting from a reactive security posture to a position of strength.

Climate, Logistics, Logistics Tech, Tech Thought Leadership

Mark Perera: A Watershed Moment for Sustainability Commitments

September 29, 2021 Lisa Baker, Editor, UK Business News

Written by Mark Perera, CEO, Vizibl

A couple of months ago we saw a landmark ruling where Royal Dutch Shell was instructed to significantly step up its 2030 climate commitments and slash absolute emissions by 45% compared to 2019 levels. This ruling represents a considerable advance on Shell’s stated aim to cut 45% of its emissions intensity compared to 2016 levels by 2035 – a target which provided leeway for increasing emissions as long as the relative carbon emitted per unit of energy produced fell. Now, this imposes a much larger climate obligation on Shell in calling for an urgent absolute reduction.

A ruling that sent ripples through the oil, gas, and energy sector

A watershed moment, this ruling is sure to cause significant alarm amongst fellow oil and gas giants who recognise – for perhaps the first time – that national courts can compel organisations to accelerate their reduction of harmful emissions under the Paris Agreement. Not only does it have “far-reaching” consequences for Shell itself and may even curb the potential growth of the company, but the decision is also likely to set a legal precedent for other energy companies and corporations. According to Thom Wetzer from Oxford University, who heads up the sustainable law programme: “all companies in the energy industry and all heavy emitters will be put on notice and have to accelerate their decarbonisation plans.”¹

This court mandate applies to not only the Shell group’s own operations but notably also to all the suppliers and customers of the group – strongly implying that Shell is being asked to tackle its Scope 3 emissions. Consequently, it is clear that Shell cannot meet the ruling’s demands alone; to make an impact across all carbon emissions scopes, Shell and other large businesses must immediately look towards forging new, productive partnerships with supplier stakeholders. Failing to do this not only means missed targets and mounting legislative action, but also the reputational damage that this will cause to its brand and the company.

Activist investor warns of existential business risk

Reports on the Shell ruling were almost immediately followed by news of a coup attempt in American oil and gas corporation, Exxon Mobil. Due to concerns surrounding Exxon’s strategic direction, hedge fund Engine No. 1 ousted sitting board members, stating that the climate crisis poses an “existential threat to the business” which the board has been reluctant to confront.

This small hedge fund accused Exxon of “a failure to take even initial steps towards evolution” and of “obfuscating rather than addressing long-term business risk”, partly due to a historical lack of energy industry experience in Exxon’s board. This signalled an imminent shift in the company’s sustainability strategy, which was well received by the market, with Exxon’s shares rising 1.2% the day after the event.

The drive to reduce Scope 3 emissions

And if that wasn’t enough of a shake up, this was followed by American multinational energy corporation Chevron’s shareholders voting 61% in favour of a proposal to cut Scope 3 emissions at their AGM, signalling frustration with the company’s slack approach towards climate change. Chevron has thus far failed to match its competitors’ net-zero targets with any commitments of its own.

For those less familiar, corporate emissions fall into three categories: Scope 1, 2, and 3. Scope 1 covers emissions from sources that an organisation directly owns or controls. Scope 2 refers to emissions from purchased electricity, steam, heating, and cooling that the reporting company consumes over the course of their operations. And Scope 3 is everything else – all other indirect emissions that occur within an organisation’s value chain, both up and downstream

Why is this significant? Until now, Scope 3’s heady combination of difficult-to-manage and thus far easy-to-ignore has led large companies to abdicate responsibility for their value chain and sweep its emissions under the carpet. However, the Shell ruling indicates that this approach is no longer viable for big business. With courts stepping in and dictating climate policy to corporations as well as governments, the pressure is mounting on all heavy emitters to tackle their true impact and reduce Scope 3 emissions. … every purchase comes with an

As organisations like Shell, Chevron and Exxon are considered responsible for the actions of their entire ecosystems, sustainability performance becomes contingent on supplier behaviour. The clearest example of this lies in Scope 3 emissions which, for many organisations, considerably exceeds the CO2 they emit directly.

Therefore, the time for green-washing and lip service is now over as pressure mounts from all stakeholder groups for large corporates to take decisive action on sustainability in the supply chain. However, businesses cannot turn promises into concrete progress without actively collaborating with stakeholders across the value chain.

For every 5 weeks that pass, we lose 1% of the decade

2030, the deadline for achievement of UN SDG-related climate commitments, is fast looming, and with every five weeks that pass we lose 1% of the decade. The imperative to take immediate action has never been clearer. It’s now down to procurement, wider business leaders, and their associated supplier ecosystems to put sustainability strategy into action by:

Defining, aligning, and communicating their corporate sustainability goals to focus suppliers, partners and the wider stakeholder groups on how they can make an impact.
Collaborating systematically through technology using transparent processes that develop trust with suppliers and partners.
Harnessing the innovation and IP within the supplier ecosystem, turning ideas into projects that can be managed and reported on transparently, and adding clear value trackers to prove impact.

Working closely with stakeholders in the supply chain is an infamously complex process, but it can be made that much simpler using Supplier Collaboration & Innovation (SC&I) technology. This ensures strategic alignment between buyer and supplier and provides comprehensive relationship governance and real-time performance visibility. This allows companies and their suppliers to work on sustainability initiatives more cohesively and develop innovative ideas through collaboration.

Here at Vizibl – through our SC&I platform combined with our knowledge and expertise – we are helping large enterprise organisations in the energy sector better leverage their supplier relationships and move closer to meeting those lofty 2030 sustainability goals.

Cybersecurity, Data & Analytics, News, Tech Thought Leadership

Sarah Doherty: Summer is Here and Data Still Needs to be Protected

September 27, 2021 Lisa Baker, Editor, UK Business News

Written by Sarah Doherty, iland

The summer of 2021 is upon us and everyone is excited to get back out and enjoy national parks, oceanfront beaches, amusement parks, campgrounds and so much more. With a large number of employees still working from home and taking time off this summer, it is still critical to protect your organisation’s data as it travels for summer holiday. Ransomware attacks are on the rise and continue to be a disruptive force affecting everything from financial institutions, healthcare to SLED (state and local government and education). Due to the rise in remote work prompted by the pandemic, attacks are up 148%.

Defending your data is more critical than ever

Over the past few years we have seen a steady increase in the number of ransomware attacks and this growing issue has quickly become an extremely profitable criminal enterprise. Targeted organisations often believe that paying the ransom is the most cost-effective way to get data back — and, unfortunately, this may be the truth.

The real issue is that every business that pays to recover their data is directly funding the development of the next generation of this cyber threat. As a result, it continues to advance, with more sophisticated variations and more specific targeted cyber-attacks. The costs continue to increase as well. Recent research from Cybersecurity Ventures predicts that these attacks will cost the global economy 6 trillion annually in 2021! This makes defending your organisation’s data more critical than ever.

The threat of ransomware is inescapable. Every 11 seconds, an organisation is hit with an attack. It’s time to take a proactive, unified approach. Moreover, It is important to remember that securing and defending against ransomware, before it happens, is critical but there is no silver bullet to combat this problem. The reality is that preparing to recover quickly after it happens can be just as important to the long-term viability of your business.

Today’s cloud backup and disaster recovery solutions have evolved with ransomware protection and recovery in mind. Heads of organisations should seek to find an industry leader that provides a combination of air-gapped backup and disaster recovery that can help their organisation avoid worst case scenarios, including paying a ransom, if their data becomes compromised. Disaster Recovery as a Service (DRaaS) and Backup as a Service (BaaS) help protect against ransomware attacks by maintaining multiple copies of data, including optional air-gapped copies of data, in secure offsite global data centers.

Another way to help protect against malicious internal or external threats is with Insider Protection which enables you to recover a full backup deleted by mistake, but more importantly it also protects you from malicious attacks from outside threats. Backing up your data locally and offsite is no longer a catch all solution as recent attacks show that backup files are being targeted and destroyed. Attackers are aware of retention policies for your backups as well. Instead of simply deleting your backup files, they may choose to corrupt your production data and continually run a backup job to a cloud target. This ages out any useful recovery points you may have and replaces them with backups of already corrupted data. With Insider Protection, backup files deleted accidentally or maliciously are retained in an air-gapped directory.

Summer is here and it is time to enjoy all that it has to offer, but don’t take a holiday from protecting your data. Cyber criminals aren’t taking time off and are a constant threat to the lifeblood of your organisation, your data. Beware and be prepared and let industry leaders provide you with the right solutions to continue to protect your data no matter the threat.

Business in the News