Archive by Author | Colin Williams

GDPR Remediation – “Something positive to shout about”

It is impossible to ignore the momentum behind the General Data Protection Regulation (GDPR) compliance requirement. It stimulates many process, information governance and security related discussions as its swings between saint and sinner in the minds of legal, business and technology based personnel. May 25th 2018 is the ICO issued GDPR compliance deadline, however Gartner believes 50% of organisations affected will not be complaint by the end of 2018 (Gartner, May 2017).

GDPR cannot and should not be considered a short term fix but instead a pragmatic review and recalibration of security controls to effectively manage “EU” user centric digital assets in the 21st century. It’s time to shift GDPR to a positive, business enhancing consideration rather than a board level topic of dread based on sluggish progress and hard to quantify expense. Expanding beyond “doing the minimum required” will highlight the fundamental relationship between consumer / user trust in a digital world and secure information handling. Few data assets can be more important to a user / consumer or the organisation than PII information based on its digital representation of the persona of an individual.

The relentless rise and rise of the digital economy is underpinned by confidence, trust and uncorroborated belief in a mass of interconnected IT systems that users / consumers cannot see and often have little access to. GDPR attempts to bolster that confidence by highlighting organisations that leverage good practices and deliver certainty to user centric digital data processing and management elements to reinforce “trust” in a very fluid digital world. Now is the time to accelerate GDPR activities to realise the business and consumer benefits of compliance faster. This is unlikely to occur from hard work alone (but that is certainly required), it requires a reframed philosophical viewpoint conveyed to all involved in the GDPR working party of review and remediation.

The GDPR compliance team must be motivated and inspired to undertake their work with urgency, passionately volunteering regular stakeholder progress updates to the exec board – the importance of GDPR stakeholder information updates to convey the importance and ongoing benefits cannot be overplayed. GDPR progress bulletins will energise all involved in GDPR remediation with the knowledge that everything they do enhances the overall security posture of the organisation, delivers optimum management of user / consumer personal data assets and therefore improves both the internal and external company perception to a measurable degree.

These small changes will help to evolve the intellectual view of the GDPR from a compliance work programme to one of the most important consumer and business impacting information management activities in recent times. Serious stuff….

Until next time.

Colin W

Twitter: Colinwccuk

Chief Technologist: Networking, Security & Collaboration. Computacenter UK

 

Citation: 1 http://www.gartner.com/newsroom/id/3701117

 

Arise the new Cisco. Why the innovators dilemma has become the “innovation imperative”.

After a few silent months away from from philosophical scribbling about market, societal and technology based change, something has caused me to reach again for my pen (“what pen I hear you say”, stay with me on this one).

In the digital age, “do nothing” delivers the worst possible outcome – “nothing”. Does this mean a relentless march forward ideally at “digital” speed is the order of the day – to a degree, yes but not without thought or calibration. Harvard’s, Clayton Christensen formulated a memorable principle in his seminar book the Innovators Dilemma in 1997, “An organization’s capabilities define its disabilities”. Put simply, an organisation should rightly be validated for the actionable elements it delivers over pomp, history or rhetoric.

Surely this is obvious stuff, but changing focus, reinventing successful products or undertaking “blank sheet of paper” style development is time consuming, challenging, provides no guarantee of success and is downright risky. With the result, many crank the handle on the “same old way”, turning the handle faster as competition, market saturation and reducing income signposts the race may be close to being run. But that isn’t the only way, “do nothing” or “do the same something” whilst safe is a sure-fire way of ensuring the only future ahead is one as “yesterday’s great”. As the digital age drives our personal and business lives forward pressing reset on everything safe and known at a speed we can barely consume (much less digest), the winners will be those who manage to maintain a level of effective competitiveness within existing markets whilst guiding existing customers and new prospects to take advantage of adjacent or original innovations that unlock reliable and previous unforeseen benefits.

I was compelled to scribble this post by a recent and potentially market defining strategic announcement from Cisco. As the campus and datacentre network infrastructure market leader by some magnitude, “do nothing” for Cisco could still have some mileage. By using superior purchasing power to develop products at market prices others may struggle to match profitably or via customer loyalty plays to retain and maximise existing advocates, Cisco could continue to maintain a slightly better version of “the good old way”. Or they could flip script with a fundamental reframe of everything known, building on existing legacy value, but enhanced for the future via insight and innovation – that’s what Cisco has done. Cisco DNA (Digital Network Architecture) and SDA (Software Defined Access) is so new in the market, the ink has barely dried but initial observations point to a technical philosophy that will redefine strategic, functional, operational and technology based customer outcomes.

The ability to deliver local and in time wide area secure network connectivity, that self-configures, is rich with relevant user or network insight, is policy drive, self-heals, is adaptive, abstracts complexity, is API open, secure by design, enhanced by automation reads like a CIO wish list to Santa. But this is just a selection of announced initial release functionality inherent within the DNA and SDA footprint from Cisco. It leaves me encouraged, inspired and enthused, not because it signals a one vendor world of customer benefits as that equally delivers the fear of “lock in”, but based on the potential for a vendor and market open platform that will bring together co existing and competing vendors integrated by APIs to deliver an autonomic secure network layer to underpin digital transformation.

Forget dilemmas, it’s time for the “innovation imperative”. As Cisco reinvents itself to guide both customers and the industry forward, the game changes for everyone. Competitors will be compelled to respond fuelled by their own innovation imperative, partners inspired to retool and reskill to service & support the new normal and lastly customers whilst initially confused will soon be engulfed by a wave of excitement that old problems may soon be eliminated by new solutions.

I’m not just a Cisco fan, I’m also seeing mind blowing innovation from the top ten networking & security industry leaders and the next ten UK, San Jose or Israel based emerging technology startups as they paint the new picture for business enabled IT. What a fantastic transformational journey we have ahead as we march towards that spiritual IT milestone date of 2020.

Who knows, as digitisation becomes the DNA of societal and business existence, a flawed something may far outweigh a perfect something. Time to get involved.

Until next time.

Colin W

Chief Technologist – Computacenter UK, Networking, Security and Collaboration.

Twitter: @colinwccuk

Business success in the digital age – Are you, will you be “brave enough”?

Darwin is frequently quoted in the midst of furious discussions about change. Whether it’s the mention of “the survival of the fittest or the most adaptable” (and not forgetting many question whether either statement was made by Darwin), change consistently invokes one human emotion with the power to nullify every others – “fear”.

Information technology (IT) for all of the seemingly endless change over the past 30 years has been somewhat consistent. Technology, with every new product launch via an endless release of “features” often dictated the “potential” for human benefit. And the result, technology vendors & the IT industry told the story of the future for an eager business (and more recently social) consumer to consume.

There was a reduced need for the IT buyer or user to appraise to a granular degree how the technology delivered impact or benefit, it was almost assumed that “newer” was better resulting in an upgrade to the “next or latest version” becoming standard behaviour. The balance of power rested with the “technology industry” and the user / consumer was at times a passive recipient of endless technological advancement. But as we enter 2017 the power base is shifting (some may say has “shifted”).

The user or IT consumer is now the power broker with the ability to dismantle 30 years of elegantly crafted IT system and process via a move to hybrid systems (combining traditional with public) or fully public IT service delivery. ‎”Feature glut” no longer rules the day, replaced by the need for consumer realised benefits or “standard service offerings with the potential for agile evolution”. This wholesale reset of everything deemed normal in IT and business is here and here to stay. But a move away from the safe “the old way” requires courageous decision making.

But the winners, whether consumer or IT service provider may not be those to accept “safe” or “old normal” but instead those willing to “be brave” and challenge “the old or known way” to evolve to a sustainable service consumption or delivery template viable for the dynamic, digital age. The buzz words are endless with digitisation, hybrid cloud, IOT, mobility, just a few. However with “solution relevance” a key consumer buying criteria, “buzz word bingo” will no longer find an audience, instead replaced by “win win” consultative solution selling driven by the value of positive disruption and “measurable” benefits for the consumer.

“Being brave” may result in human destabilisation as the status quo is defended and protected and “risk” as existing service delivery approaches move away from safety but the benefits are not potential, they are very real and highly realisable. The gateway to a new age exposed by the digitisation drive is positively transforming IT, business and the user with all likely to embrace a sustainable, enhanced experience. But that change of experience starts with a level of bravely not everyone can muster. “Can you, will you, be brave enough”?

Until next time.

Colin W

Twitter: @colinwccuk

Chief Technologist: Networking, Security and Collaboration – Computacenter UK

 

2017 “Don’t let mediocre become your GOOD”.

Straight talking time (again), “Don’t let mediocre become your GOOD”. I have realized, in fact I have always known, that I have a problem with “mediocrity”, I really do. We live in potentially the best version of society to date for self or group learning to allow us to make our bad better and our good better than good (just have a look at how much life help exists on YouTube).

So why are so many people settling for, “OK” or “alright”, that’s not what this version of life should be about. Now I’m not talking about Olympian grade investment in skills or sacrifice, far from it. I’m just talking about wanting a little more, investing in knowledge (and self) to improve or gain more skill, to feel better / do better and through it refusing to settle for “OK” or “mediocre“.

If living for all of the amazing joy it delivers is hard, and it is, surely one rung higher than now is a better life than one rung lower or the same. Whether self-taught, peer taught or life taught, today is the day to decide you want a life better than this (even slightly) and that’s the life you are going to “invest in” to realize everything you seek with intent.

And don’t instantly think I’m talking about monetary gain, acting “better” as a person is as valuable as “earning” better. Sorry about the rant but its January and I see so many people already tolerant or at times happy with “mediocre”.

No not this time, not this year, not this life. Aim just a little higher as you surely deserve better. When 2017 ends I care not if I’m 1%, 5% or 100% better than the person I was in 2016, I know I will just be better as I will not tolerate staying the same – that’s not what I deserve or am here for.

Until next time

Colin W

Twitter: @colinwccuk

Chief Technologist Computacenter UK – Networking, Security and Collaboration

 

Note: All views articulated are my own and do not constitute an opinion or recommendation from Computacenter.

Amazon GO – “Technology evolution / retail progression or ……..”

Just when things look like they may stay the same, they change…

Amazon recently launched its first checkout and employee free retail site in the America as a natural complement to the existing Amazon web and mobile shopping experience. Products can be purchased via the existing Amazon web or mobile app and collected without Amazon employee intervention in the store. Or purchased in store from a limited selection based on a wholly store based experience with no in store Amazon employee oriented human interaction. This really is an example of digitisation “plus” at work where the historical customer buying cycle of instore person to person interaction with additional onus on the integrity of the financial transaction at the end of the cycle, has been reengineered to become a fully technology enabled experience.

Self-scanning checkouts in retail started the trend and are now somewhat accepted (if at times still challenging to use), but the human option for person to person engagement remained a key element of the instore experience based on the importance of cash collection and a customer satisfying end to the retail interaction. But could this be a “reset” of the customer retail purchasing script delivered in one swipe by the completely new Amazon retail approach. The Amazon experiment or pilot may signpost with tangible evidence the changing state of the workforce where system driven automation may augment or totally replace person to person engagement.

The Amazon GO launch has delivered a degree of shock and awe to both customers and the industry in equal measure and whilst much of the discussion has focused on the impact on jobs, i.e. the detrimental human labour effect, it further signposts the ever increasing importance of information technology in our professional and social lives. Secure wireless networking, high definition cameras, advanced AI, big data and analytics, IOT sensors and the sheer volume of IT elements required that must work in harmony with zero failure is immense. With the end result, promotion of the IT system from technology to augment human actions & intellect to a mission critical platform fundamental to both the business and customer experience. ‎Via this new IT persona, failure, downtime or system breach is no longer an option – for any reason. Tomorrow’s user is already here today and deems a “Digital Me” experience, the only experience – the amalgam of imagination, technology and process allows that to happen.

Whether you are a supporter or detractor of this fundamentally new approach to retailing, the innovation and bravery of Amazon must be admired as the pilot of anything new of this style may suffer from the usual first mover teething challenges (shrinkage, reliability, miss set expectation issues). However, this really is a new dawn for the use of new technology, IOT and actionable AI in a real world customer centric environment. Personally, irrespective of the success or not of this Amazon initiative I have no doubt other retailers will be seriously considering this new customer engagement mode as the potential within is clear for all to see.

In my option human intelligence will NEVER be replaced by IT based systems, but standardised, repeatable human activity that can be automated and “systemised” certainly will be.

Forward now looks very very interesting

Until next time.

Colin W

Twitter: @colinwccuk

Chief Technologist – Computacenter UK: Networking, Security, Collaboration

Predictions: “Security 10 for 2017” – Time to consider where to act and to “Act now”

Once a year either at the end of an old or the start of a new year, I deliver a view on the forthcoming year. Common to many industry analysts who “call” the market, it’s a view based on customer sentiment (I speak to many many customers), extensive research, market knowledge and many years of experience (an elegant way of writing “gut feel”). This year I will release the “Security 10 for 2017” earlier than normal to reduce the comparison to other market perspectives that will appear on mass in January. Important note: the views within are my own and do not constitute the views of Computacenter Group.

This overview will be slightly longer than my normal 400 – 500 words, however I hope you understand the content deserves the extra literary real estate. Happy reading.

1: IOT attacks will increase

Focus on IOT non-human devices with weak security may increase as they become the ideal candidates to be used as botnets or drones. The weaker security layers within IOT devices with less evolved security components may result in the industry acting in catch up mode as each compromise signposts the remediation required and the next likely targets. There is no easy fix in sight with between 24 and 50 million IOT connected devices expected by 2020 but security basics including changing default passwords and remaining in tune with vendor software and patch updates are mandatory first steps. Key tip when considering IOT to deliver a business outcome, start with security in mind and end with security by default.

2: DDOS mega attacks will continue and worsen

DDOS attacks haven’t gone away, in fact Akamai cite a 125% increase in year on year attacks. With an increased volume of bots enabled via compromised IOT platforms and the real world turmoil generated by the massive DYN DDOS attack in October, attackers may consider the potential for disruption second to none. DDOS protection solutions have been deploy and forget for far too long with insufficient proactive scrutiny of logs and early warning alerts that may indicate a future larger attack is pending. Now is the time to fully understand the protection delivered by the service provider as a minimum to determine the likelihood of a successful attack.

3: Rise of insider (user) driven attacks.

Sadly humans can be a weak link with non-malicious user errors and insiders encouraged, bribed or bullied into undertaking actions that compromise systems. As client and datacentre security solutions increase in capability, therefore deliver enhanced protection, the user remains the least protected vector. User awareness, education and (with emphasis on accountability and liability) is continually highlighted as essential – now is the time to act and assign the highest priority level possible to security education for end users.

4: Last minute rush for GDPR compliance

Common to other historical compliance requirements, GDPR may suffer from a yearlong “wait and see” with the result slow progress, then a crisis driven rush to design and deploy solutions. GDPR shines a light on privacy with emphasis on data that contains personally identifiable information must be secure by default. The journey to compliance starts with awareness of the key GDPR directives, quickly followed by the need to understand the type of data in existence, where it resides across the enterprise and whether it is within the scope of GDPR. GDPR assessment and remediation solutions will be a major business impacting activity through 2017.

5: Social engineering attacks may become undetectable

Social engineering attacks may become so personalised and well-crafted they may be hard to detect from a human or systems perspective. Whether it’s sales driven “Black Friday” or the Christmas “social” season updates, the endless stream of social media publicised events may act as a catalyst to drive increased volumes of “better than good enough” phishing messages with amazing offers (that sadly deliver a malware payload or redirect). Social engineering is an area positively affected by enhanced user awareness and education.

6: Ransomware may spiral out of control

2016 has proved a successful year for ransomware with ransoms increasing in size and frequency – 2017 may see attacks increase rather than decrease. Recent vendor commentary indicates as many as 54% of UK businesses have experienced some form of attack (source: malwareBytes). Ransomware authors based of the sheer volume of malware released have access to an unprecedented amount of potential human targets. Client security solution enhancement, with the arrival of specialist anti exploit solutions may slow the ransomware march but not without the assistance of greatly increased end user security education. The fear of modern ransomware will drive a review of existing endpoint security technologies to reduce or eliminate the number of “first casualties” as surely one casualty is one too many

7: Cloud computing specific attacks will increase.

With organisations moving to the cloud, dedicated attacks (compromised permissions, etc) on cloud delivered applications and workloads may become the norm based on the potential to gain the largest prize. Cloud platforms are extremely well protected but the long list of potential attack vectors including credential theft, DDOS, data theft, compromise via zero day exploits and many other general security attacks (but targeted at cloud computing) may steadily increase as enterprises accelerate their use of cloud computing solution delivery modes.

8: Credential theft will continue to rise.

A robust digital identity is fast becoming a key deliverable within modern enterprises to facilitate secure single sign on across multiple platforms. This makes a stolen credential more lucrative than ever. Digital identity and credential theft may rise to the top of the security risk agenda for many organisations with digital credentials the golden key to both known and unknown “digital enterprise locks”. Attackers are familiar with the process of stealing credentials for access or to create subsequent hidden and elevated credentials for use during an attack. A least privilege, zero trust approach to IT security must become the new normal.

9: Banking and payment system attacks will increase.

As the world moves to digital payment by default, compromise of a payment system, ATM, contactless platform or digital financial services intermediary may deliver a major shock to the confidence of the financial sector as a whole. We now have attacks on banking and payment systems that have successfully breached existing defences leveraging both known and unknown techniques. This may encourage attackers to invest further to ensure they remain one step ahead of not just those defending but equally other assailants seeking to attack first then disappear. Enhanced visibility is a must with assistance delivered by big data and machine learning enabled advanced security platforms to proactively stargaze “what could happen next” before it occurs.

10: Dedicated attacks on “HomeHub” smart technology

We are entering an era of smart home devices and intelligent digital assistants. This style of attack may exhibit nothing previously seen and include highly non standard attack modes including homes held to “thermal ransom” with heating systems shut down or the potential for unexpected orders / purchases from voice activated digital assistants that may not be detected until a later date. It is a valid assumption that “smart home” technology with wireless enabled devices, creating and accessing data continually will permeate even the most basic home / work environment. Protection of smart home / IOT platforms will evolve as adoption increases, but the initial lag may create a window of opportunity for attackers.

 

The “Security 10 for 2017”mentioned could be 20, 30 or 100 depending on the enterprise, vertical market and enterprise current state. A few of the perspectives mentioned may concur with other industry / market watchers and others may even deliver a totally different viewpoint. However all are areas of potential attack or compromise that should be considered to determine the likelihood of a successful attack and therefore form part of a pre-emptive protection or remediation plan for 2017.

2017 will be the year good enough security may not be “good enough”. Now is the time respond to minimize the need to react.

Until next time.

Colin

Twitter: @colinwccuk

Chief Technologist Computacenter UK:   Networking, Security and Collaboration

Important note: the views within are my own and do not constitute the views of Computacenter Group.

 

In the midst of digital transformation don’t forget “People Matter”

We view the world through filters created by our personal perspective of “self”, the environment, experiences and our interaction with others. The end result could infer the current human state of “normal” may not really exist with the social concept hard to anchor to anything consistent or common.

The current “digital world” further compounds this state by allowing us to create a digital secondary, individualised “own view” of the “human experience” augmented by technology personalised to our social or working desires. Why all of the fluffy prose, there is no universal guarantee this new digital world of “self” delivers an ideal one with the endless change creating as much personal and emotional instability as it does excitement and enthusiasm. People matter, the feelings of people matter, the dreams of people matter – and now in the midst of the wave of “technology is the answer” dialogue, we will all do well to focus a lens or shine a light on the importance of continually reinforcing “people matter”.

I often labour when discussing personal development with our graduate new starters that personal development is owned by and starts with the individual, not the organisation. The best “YOU” that you can be becomes the best you for all who interact or experience you (both in and out of the work domain). But the organisationor the employer plays a massive part in that ongoing development by continuing to acknowledge and signpost personal development as a fundamental enabler of business differentiation.

It fills me with pride that I have been appointed as the UK country unit person within the Computacenter “People Panel” team to work with our Human Resources function to ensure we maintain our effort on inclusion, empowerment and the development of our people to ensure Computacenter continues to deliver an employee development experience second to none. No one really knows what the future holds but a few things are guaranteed, it will still be a world of people, for people, driven by people and their experiences – technology will purely assist those people to maximise their experiences and potential. The digital and technology evolution occurring now and potentially forever more will deliver an amazing ride for all, but don’t let it become more important than the “people” it serves.

Until next time.

Colin W

@colinwccuk

Chief Technologist Computacenter UK, Networking, Security and Collaboration