Once a year either at the end of an old or the start of a new year, I deliver a view on the forthcoming year. Common to many industry analysts who “call” the market, it’s a view based on customer sentiment (I speak to many many customers), extensive research, market knowledge and many years of experience (an elegant way of writing “gut feel”). This year I will release the “Security 10 for 2017” earlier than normal to reduce the comparison to other market perspectives that will appear on mass in January. Important note: the views within are my own and do not constitute the views of Computacenter Group.
This overview will be slightly longer than my normal 400 – 500 words, however I hope you understand the content deserves the extra literary real estate. Happy reading.
1: IOT attacks will increase
Focus on IOT non-human devices with weak security may increase as they become the ideal candidates to be used as botnets or drones. The weaker security layers within IOT devices with less evolved security components may result in the industry acting in catch up mode as each compromise signposts the remediation required and the next likely targets. There is no easy fix in sight with between 24 and 50 million IOT connected devices expected by 2020 but security basics including changing default passwords and remaining in tune with vendor software and patch updates are mandatory first steps. Key tip when considering IOT to deliver a business outcome, start with security in mind and end with security by default.
2: DDOS mega attacks will continue and worsen
DDOS attacks haven’t gone away, in fact Akamai cite a 125% increase in year on year attacks. With an increased volume of bots enabled via compromised IOT platforms and the real world turmoil generated by the massive DYN DDOS attack in October, attackers may consider the potential for disruption second to none. DDOS protection solutions have been deploy and forget for far too long with insufficient proactive scrutiny of logs and early warning alerts that may indicate a future larger attack is pending. Now is the time to fully understand the protection delivered by the service provider as a minimum to determine the likelihood of a successful attack.
3: Rise of insider (user) driven attacks.
Sadly humans can be a weak link with non-malicious user errors and insiders encouraged, bribed or bullied into undertaking actions that compromise systems. As client and datacentre security solutions increase in capability, therefore deliver enhanced protection, the user remains the least protected vector. User awareness, education and (with emphasis on accountability and liability) is continually highlighted as essential – now is the time to act and assign the highest priority level possible to security education for end users.
4: Last minute rush for GDPR compliance
Common to other historical compliance requirements, GDPR may suffer from a yearlong “wait and see” with the result slow progress, then a crisis driven rush to design and deploy solutions. GDPR shines a light on privacy with emphasis on data that contains personally identifiable information must be secure by default. The journey to compliance starts with awareness of the key GDPR directives, quickly followed by the need to understand the type of data in existence, where it resides across the enterprise and whether it is within the scope of GDPR. GDPR assessment and remediation solutions will be a major business impacting activity through 2017.
5: Social engineering attacks may become undetectable
Social engineering attacks may become so personalised and well-crafted they may be hard to detect from a human or systems perspective. Whether it’s sales driven “Black Friday” or the Christmas “social” season updates, the endless stream of social media publicised events may act as a catalyst to drive increased volumes of “better than good enough” phishing messages with amazing offers (that sadly deliver a malware payload or redirect). Social engineering is an area positively affected by enhanced user awareness and education.
6: Ransomware may spiral out of control
2016 has proved a successful year for ransomware with ransoms increasing in size and frequency – 2017 may see attacks increase rather than decrease. Recent vendor commentary indicates as many as 54% of UK businesses have experienced some form of attack (source: malwareBytes). Ransomware authors based of the sheer volume of malware released have access to an unprecedented amount of potential human targets. Client security solution enhancement, with the arrival of specialist anti exploit solutions may slow the ransomware march but not without the assistance of greatly increased end user security education. The fear of modern ransomware will drive a review of existing endpoint security technologies to reduce or eliminate the number of “first casualties” as surely one casualty is one too many
7: Cloud computing specific attacks will increase.
With organisations moving to the cloud, dedicated attacks (compromised permissions, etc) on cloud delivered applications and workloads may become the norm based on the potential to gain the largest prize. Cloud platforms are extremely well protected but the long list of potential attack vectors including credential theft, DDOS, data theft, compromise via zero day exploits and many other general security attacks (but targeted at cloud computing) may steadily increase as enterprises accelerate their use of cloud computing solution delivery modes.
8: Credential theft will continue to rise.
A robust digital identity is fast becoming a key deliverable within modern enterprises to facilitate secure single sign on across multiple platforms. This makes a stolen credential more lucrative than ever. Digital identity and credential theft may rise to the top of the security risk agenda for many organisations with digital credentials the golden key to both known and unknown “digital enterprise locks”. Attackers are familiar with the process of stealing credentials for access or to create subsequent hidden and elevated credentials for use during an attack. A least privilege, zero trust approach to IT security must become the new normal.
9: Banking and payment system attacks will increase.
As the world moves to digital payment by default, compromise of a payment system, ATM, contactless platform or digital financial services intermediary may deliver a major shock to the confidence of the financial sector as a whole. We now have attacks on banking and payment systems that have successfully breached existing defences leveraging both known and unknown techniques. This may encourage attackers to invest further to ensure they remain one step ahead of not just those defending but equally other assailants seeking to attack first then disappear. Enhanced visibility is a must with assistance delivered by big data and machine learning enabled advanced security platforms to proactively stargaze “what could happen next” before it occurs.
10: Dedicated attacks on “HomeHub” smart technology
We are entering an era of smart home devices and intelligent digital assistants. This style of attack may exhibit nothing previously seen and include highly non standard attack modes including homes held to “thermal ransom” with heating systems shut down or the potential for unexpected orders / purchases from voice activated digital assistants that may not be detected until a later date. It is a valid assumption that “smart home” technology with wireless enabled devices, creating and accessing data continually will permeate even the most basic home / work environment. Protection of smart home / IOT platforms will evolve as adoption increases, but the initial lag may create a window of opportunity for attackers.
The “Security 10 for 2017”mentioned could be 20, 30 or 100 depending on the enterprise, vertical market and enterprise current state. A few of the perspectives mentioned may concur with other industry / market watchers and others may even deliver a totally different viewpoint. However all are areas of potential attack or compromise that should be considered to determine the likelihood of a successful attack and therefore form part of a pre-emptive protection or remediation plan for 2017.
2017 will be the year good enough security may not be “good enough”. Now is the time respond to minimize the need to react.
Until next time.
Chief Technologist Computacenter UK: Networking, Security and Collaboration
Important note: the views within are my own and do not constitute the views of Computacenter Group.
First off, thanks to James and Callum for the useful tips on applying for the Associate Programme. The other Service and Sales Associates have just come to the end of assisting with the assessment centres which definitely brings back memories from when we were in their place just this time last year. I have to say, it’s much nicer being on this side of the table and passing on our words of wisdom to the hopefuls for next year instead of being put under the spotlight ourselves. That apart though, it really puts into perspective just how far we have all come since starting the programme ten months ago and it’s both scary and exciting to think we only have eight months left!
With this in mind and with the new associates nearly in place to start their role in January, I thought I’d take the opportunity to take a look at what I’ve found particularly valuable on the programme so far. I certainly feel that the programme has continued to improve the longer I’ve been on it. By this point in the scheme I’ve gained a grasp of the services and solutions Computacenter provide, I’ve managed to finally decode a large number of the acronyms I hear used in work every day and I have a much better idea of who the best person to turn to for each individual challenge I come across is.
One of the rotations which, I think really shows how much we’ve all learnt since starting the programme in January is ‘Helping Clients Succeed’. For those of you who are not aware, during this module the Associates are split into groups of three or four and are given the challenge of responding to a brief from a telecommunications company. We have to go through all the usual, well known processes when first qualifying and going ahead with an opportunity. The module concludes with each group presenting back to the key stakeholders within the dummy telecommunications business. Each group is just getting to the end of their initial conversations with the key stakeholders from within the company: Martin Roberts, Barry Binding, Andy Bryant, Derek Wilks and Darren Chapman or, as you may better know them, Pete Larson, Stewart Filler, Ade West, Gavin Bell and Rob Stanley. It’s surprising how capable and relaxed I think we’ve all felt in leading these conversations with the key stakeholders. It’s been really interesting to find out the ways in which you can best lead these initial conversations with prospective new customers. Hopefully, as we progress through the module we’ll continue to feel as at ease, especially when undertaking our final presentation.
For me, another highlight of the programme so far has got to be working on the Waitrose Account. I’ve been on the account for the past two months supporting and assisting the Service Management team. The John Lewis Partnership has been a long standing customer for Computacenter and it has been really useful to experience the Service Management role on this account.
Working with Waitrose has given me real exposure to what the Service Management role is really like. It has shown me that Stuart Maynard, when he introduced the role of Service Management to us all in January, wasn’t exaggerating when he said the role was fundamentally ‘spinning a lot of plates’. Juggling is certainly a skill I think I’ll be able to add to the CV by the time I finish the programme! Working alongside Waitrose, our internal teams and third parties has challenged me but it has also been a thoroughly positive and enjoyable experience. They say the best way to learn is to really get stuck in and get your hands dirty and this has definitely been my experience so far on the account. It’s been very rewarding to watch ideas progress and see relationships build with the customer. The experience so far has definitely made me very pleased I decided to go into Service Management and I’m looking forward to working with both Waitrose and the Service Management and Account Team during the peak period which will soon be upon us all.
My final highlight of the year is a bit more general. A lot of the programme revolves around us building relationships with key people within the business and ensuring that we get to know each part of Computacenter well. One of my highlights so far has been doing just this, and I don’t just mean drinks at the Oyster Shed after work! As we’ve all been progressing through the programme, I’ve found that so many people put time aside to assist with your development and that’s one of my favourite things about Computacenter as a whole: if you want to achieve, Computacenter will do its best to give you the tools to do this. Having had a small taste of seeing what being a Service Manager is like, I know how busy people are and so I’m extremely grateful to all the people who so far have given up some of their spare time to help with my development.
Admittedly, some of this has taken place in a more fun environment such as the Services University, but we’ve also all spent a lot of time with people from across the business during the working day, whether that’s whilst we are on set rotations or because they’re willing to give up time to give us the benefit of their experience in a particular area which may not be covered by the programme. So many people at Computacenter have worked here for so long and it is always useful to pick up hints and tips from those who have much more experience.
It’s safe to say that I’m looking forward to what the next eight months will bring. There’s still much more to learn and many more people to meet. Thanks for giving up the time to listen to my ramblings, next month we will be hearing from Harry Walkden.
We view the world through filters created by our personal perspective of “self”, the environment, experiences and our interaction with others. The end result could infer the current human state of “normal” may not really exist with the social concept hard to anchor to anything consistent or common.
The current “digital world” further compounds this state by allowing us to create a digital secondary, individualised “own view” of the “human experience” augmented by technology personalised to our social or working desires. Why all of the fluffy prose, there is no universal guarantee this new digital world of “self” delivers an ideal one with the endless change creating as much personal and emotional instability as it does excitement and enthusiasm. People matter, the feelings of people matter, the dreams of people matter – and now in the midst of the wave of “technology is the answer” dialogue, we will all do well to focus a lens or shine a light on the importance of continually reinforcing “people matter”.
I often labour when discussing personal development with our graduate new starters that personal development is owned by and starts with the individual, not the organisation. The best “YOU” that you can be becomes the best you for all who interact or experience you (both in and out of the work domain). But the organisationor the employer plays a massive part in that ongoing development by continuing to acknowledge and signpost personal development as a fundamental enabler of business differentiation.
It fills me with pride that I have been appointed as the UK country unit person within the Computacenter “People Panel” team to work with our Human Resources function to ensure we maintain our effort on inclusion, empowerment and the development of our people to ensure Computacenter continues to deliver an employee development experience second to none. No one really knows what the future holds but a few things are guaranteed, it will still be a world of people, for people, driven by people and their experiences – technology will purely assist those people to maximise their experiences and potential. The digital and technology evolution occurring now and potentially forever more will deliver an amazing ride for all, but don’t let it become more important than the “people” it serves.
Until next time.
Chief Technologist Computacenter UK, Networking, Security and Collaboration
Digital Me is Computacenter’s response to enabling users in the modern digital world. Amidst the opportunity and challenge in modernising Workplace environments; it is important to remember the success or otherwise hinges on one critical factor, the User.
Digital Me places users at the heart of the transformation. Engaging and empowering users to take advantage of modern Digital tools and capabilities, to improve their productivity, enhance collaboration and ultimately contribute to enhancing the business performance.
In order to do this effectively it’s critical that you understand your users. You may think you already do; but do you really understand how and why users work in the way they do, their frustrations and the short cuts they are taking to get the job done!? Phenomenon such as Shadow IT and BYOD emerged for a reason; that being that corporate IT couldn’t keep pace with users’ needs and expectations – how big an issue is that in your organisation?
A few years back we developed our own approach to enable us to get closer to users and understand how and why they do what they do. We call this ‘Workstyle Analysis’ and as the market has matured and the concept of a “User Centric” approach to IT emerged, it’s been really beneficial for our customers.
As I write this today, we’ve asked 16,000 questions over 400 hours of interviews to many hundreds of users. The insights we have gleaned from this have been intriguing to say the least so I’d like to share a few of them with you.
First we need to re-iterate why we feel Workstyle Analysis is so important. Put very simply, when you consider some of the following outcomes from the exercise, why would you not want to do it?
And now for the findings:
- Email is still the killer app. In a world where we have millions of mobile apps, collaboration platforms and Line of Business applications, users still revert to email. As a communication tool, a task management system, a document repository – everybody depends on email! Some organisations famously tried to force users away from using email, many have tried to augment email with other collaboration channels – but the relatively limited success of introducing new capabilities means that businesses still run on email. In our findings 74% of users declare email outages as “highly disruptive” to their work. Is your business prepared for that?
- Shadow IT is real! Many of us know this to be true, some of us have actively tried to manage it, but is ‘Shadow IT’ a problem in itself or merely a symptom of a wider dis-enablement of users? In our research shadow IT has not been used maliciously, but is done to allow work to be easier, for users to be more productive or to augment deficiencies in the services that IT provides. Maybe IT doesn’t know the users need these services – hence why both Workstyle and Shadow IT Analysis activities are so effective!
- Pent up user demand. The candour of the conversations we have with users, allied with the exceptionally high turn-out rates points to users wanting to express their views and to be heard. We report over 90% attendance in our Workstyle exercises. People with “day jobs” who choose to spend the time talking to us about how to improve their working environment and make their lives easier. A key facet of successful transformation is engagement and adoption by the users, and it starts by speaking to them.
- Users are all different. One user says the service they receive is brilliant, the next user complains that it’s poor! How can you reconcile that and establish a baseline? User perception by its very nature is highly subjective – so how can you reliably act upon it? By canvassing a cross-section of your user community you can supress the extreme perspectives. From here you can focus on key user communities – VIPs or critical functions such as Contact Centres or the Retail Branch environment – but you will know that you’re addressing the right pain point for the maximum impact.
- Collaboration is missing. One of the strongest insights we have received is around collaboration within organisations. Whether related to culture or the technical capabilities provided, Collaboration is key. We know that effective collaboration solutions can enhance user satisfaction and productivity, but we know these solutions have been challenging to implement. How can we help make this easier for both IT and the users?
These are just the top 5 insights we’ve gleaned from our activities over the past 12 months. We have much more detail to share. If you are interested in understanding how to better enable your users, then feel free to get in touch!
Now landed back in the UK after yet another very impressive VMworld event (3.30am start for a 5.50 flight – ouch!). It has been a whirlwind few days of executive meetings (a number of really fundamental catch ups), extremely concise and well-formed session content from the VMware team (congrats to all) and potentially our best customer event yet (every year we invite a number of our key customers to spend time with us at VMworld – with nearly 200 people at the Computacenter event I think you can say it was a success).
This VMworld may prove to be a watershed event. VMware reinforced the perspective a software defined future is no longer optional but instead the “new normal” – now. The business agility and operational flexibility essential for ongoing success through the current ever changing digital age is forcing enterprise IT environments to “act like code” to deliver services, consistently at warp speed. Common to other VMworld events, the VMware team demonstrated the technology is ready (and it has been for quite a while), but human inertia continues to stall the growth of the software defined enterprise as the very last few points of concern are digested and overcome.
NSX (the VMware advanced software defined networking layer) is moving from the background to a centre stage role in the VMware enterprise transformation strategy. As the digital data transport layer that simplifies and optimises traditional networking, delivers a policy based pathway from private, through hybrid to public cloud and back plus enhances security along the way – NSX may offer VMware one of the real keys to the enterprise kingdom. But this event wasn’t all about networking, major enhancements to core VSphere to make it enterprise robust but cloud ready arrived on mass and the additional light shone on the devops world with greater support for containers, workflow and API driven operations ensured a welcome and steady stream of impressive announcements.
The arrival of such a blur of product updates and developments are timely. I noticed a change in attitude and tone with the mass of attendees at this VMworld cramming into the rooms of the “how” sessions no longer deliberating over “why and when” – I think they are now ready!!
Does this sign post a VMware only world to realise the enterprise software defined IT dream, definitely not with the vendor village of eco system partners and past and present competitors all offering valuable services and solutions to enable effective completion of the software defined jigsaw puzzle. But it is clear VMware are leading the charge as they have been for many years and present a compelling end to end, top to toe story of software led transformational business change.
I think the needle has now shifted and the brave new world of enterprise IT still running on high performance hardware, but defined dynamically by software is now upon us and will deliver the hybrid cloud digital super highway that will propel businesses forward both now and into the future. Job well done VMware, the stage is now set for partner, customer and industry cast members to act.
Until next time
Chief Technologist Computacenter UK. Networking, Security and collaboration.
Hello everyone, and welcome to the first blog entry from the new graduates in Project Management. The first ever Computacenter graduate scheme in Project Management began in August this year, and this blog will run over the coming months to provide updates to the rest of company on our exciting journey through our eighteenth month scheme and into Project Management.
There are six new graduates on this scheme- all coming into Computacenter from a range of universities around the country- who will each write blogs over the coming months on our progression at the company. This first blog entry, as well as giving a general overview of the Grad Scheme, will highlight some of my experiences so far and what I’ve enjoyed the most since starting here at the beginning of August.
Time really has flied since the six of us started here just over two months ago. By now, we are all starting to find our feet and after information overload to begin with, different bits are starting to become clear and more and more of the acronyms are starting to make sense. I remember within the first week wondering what on earth any of this all meant, but pieces of the puzzle are clicking into place now and I’m looking forward to learning more and more about the business as the programme continues. Some of the best advice that I was given upon starting and would certainly recommend to any other new starters is to ask as many questions as you need to; there really are no stupid questions at Computacenter, and people are always willing to help you out with information or point you in the right direction. While all six graduates have been set a similar 18 month plan, our experiences and first impressions have all varied greatly already. From visits to customer sites, to the different people that we have met with, it already feels like we have done a huge amount considering we are only just over two months into our Computacenter journey.
What has become evident to me since starting here is the wide range of opportunities that are available from the start. These opportunities are opened up not only by the structure of our programme, but also by the people that we interact with every day. Already I have met a range of people across Projects, Sales, Consultancy and many other departments, that have all been genuinely willing to help us out, introduce us to more people and sacrifice their own time for our benefit.
One of the best examples of this has been on my sales rotation a few weeks back. This was a a two week period of shadowing within the sales department, where I sat in on calls and meetings, met with customers and gained a general overview of the sales division and where they fit into the company. On my second day with sales I was invited to a day with a major UK Bank in Hatfield, where we were providing an update on a particular solution. Over the course of this day I was given an insight into the customer and gained a great understanding of how groups including sales, projects, configuration and supply chain services interact and engage with each other. This day helped me to be able to apply all the information that we have been taught to an actual engagement with the customer. To gain this exposure less than a month into my time at the company was a great learning experience for me, and I hope there is more of this to come.
Overall, these first two months at Computacenter have been fantastic. I’ve already learned a great deal and met some brilliant people. I hope that the coming months are as varied and as exciting as the first have been, and that hopefully I will get to meet and work with some of you in the near future. The next blog will be written by Ollie Lamont, another one of the graduates, who will provide another update on our journey through Computacenter. Thanks very much for reading.
This time last year I was sat reading Glen’s blog giving advice on how to apply, along with some helpful tips around the Associate Programmes. This must mean that it’s the time of year again where we starting looking to bring new talent into Computacenter via the Sales and Service Associate Programmes. Normally in this blog you would hear from either a Service Manager or a Sales Associate, however this month you will hear from both Callum and myself, in a combined article to give you an insight into the later stages of the recruitment process and some helpful tips.
I’m going to touch on the face to face interviews and the first evening of the assessment centre before Callum goes on to talk about the second day. Together we will cover the tasks that you need to complete, some essential advice and what we learnt when we went through the same process 12 months ago.
The face to face interviews are going to be with a member of Senior Management and also a current Associate. This is a competency based interview, and therefore it is important that your answers are detailed and that you can accurately demonstrate what you have done. Although face to face interviews are a daunting prospect, it’s important just to be yourself because everyone else is taken.
Remember; they want to see your personality, hear what you have done which has led you to this point and why you think you would be an asset to Computacenter. At the end of the face-to-face interview the senior manager will leave the interview and you will get the opportunity to talk to the current associate around the programme and any other questions you may have. This is a great opportunity to gain some further insight into what you might be doing a year from now.
Once you have completed stages 4 and 5, it is time to pack your overnight bag and travel to Hatfield for the two day assessment centre. It’s a great experience, and a real positive about our application process is that Computacenter allow time to really get to know you before making such an important decision around your future.
On arrival you will meet some of the other applicants, a great time to meet some of your potential future colleagues as well as some of the current associates before a briefing session that will give you a better insight into the next 36 hours. There will be a dinner with the senior management who will be involved in the 2 day interview process, which allows you to get to know your assessors before you’re in an interview scenario. This shows how invested the senior executive team at Computacenter is in the Associate programme, something the successful applicants will come to realise quickly once you start!
More importantly this is a great opportunity to sit down over dinner and ask some questions of the leadership team, so think carefully about what questions you ask and the answers you give as you are being assessed from the outset. One final piece of advice; enjoy the networking afterwards, but know your limit!
I will now hand over to Callum…
So, thanks to James’ tips, you’ve had a great evening with the other candidates and have started to impress the assessment panel. Make sure you get plenty of sleep and get some breakfast in the morning, because trust me you’re going to need that energy today at our Hatfield head office.
This is your chance to really shine – with multiple opportunities to demonstrate your capabilities in different areas vital to Sales / Service Management, and prove that you’re right for the role!
You’ll be given a group task, where you’ll need to demonstrate your ability to be part of and maybe even lead a team, and then present back to the assessors as a group. You will also be set a topic for, and, having been told your stance, be given the opportunity to debate it against your fellow applicants – remember here that subject knowledge isn’t the most important thing – the assessors will be looking more for skills such as calmness under pressure, logical thinking and ability to listen to others and communicate effectively.
Next it’s time to outshine the other candidates with the individual assessments. First you’ll have to put pen to paper again for another written and numeracy test – you’ve all had similar tests earlier in the process though, so don’t panic!
As if having dinner with him last night wasn’t enough, you will have 10 minutes one-to-one with our CEO Mike Norris. In this time, you have the opportunity to ask Mike just three questions, so make them count! Mike takes time out of his busy diary to meet each of you, so try and make your questions interesting, meaningful, and memorable.
Your panel interview will be with 2 or 3 members of the leadership team, where they will try to find out a bit more about you, why you want the role, and why you think you’re suitable for the role. The advice I’ll give here is to be honest and open, and try to pull on experiences from your academic, social and extracurricular life wherever possible. We aren’t just trying to recruit people that are perfect for the Associate programme, but want people that will suit Computacenter too.
The last chance you’ll get to impress the assessors is the famous “Why Me?” presentation. They’ll give you 5 minutes to use as you wish – make sure you leave a lasting impression and that they come away convinced that you are right for the Associate programme.
Come to the assessment centre prepared and ready to engage, but most of all try to enjoy it. At lunch, and throughout the day, current Associates will be on-hand, so don’t be afraid to chat to them and get some further advice.
Once the assessment centre’s finished, those that are successful will get a call from Mike Norris with the presumptive close of “see you in January”!
Thank you for reading. If you have any questions around applying for the Programme or the Programme in general, then please don’t hesitate to drop either of us an email.
Most importantly, enjoy it and good luck!
Service Management Associate