“Cybercrime may now be bigger than the drug trade”, said the City of London police commissioner Adrian Leppard.
Security breach announcements that were once a rarity in the non-IT world are now BBC front page news on a regular basis. Whether it’s the attack on, and successful removal of data from, a previously unknown (but now well known) dating site or the more recent attack and potentially successful data breach of a major consumer telecoms services provider, cyber attacks are the norm. Is it time to accept them as a necessary by-product of the relentless creation and consumption of digital data? Sadly, yes. But to accept they exist does not mean accepting that an attack should be effective when there are so many steps that can be taken to reduce the potential for success. Defending and securing IT systems is not an easy task, as the approach includes people, process and systems. Keeping all three security aware and congruent at all times is a challenge, with that one “out of sync” moment being the attack window for a hacker. To do nothing, or to “do something but slowly”, is a sure-fire way to be the next big story on the front page of the BBC news broadcast. It’s time for new thinking, new skills and better visibility EVERYWHERE or the enterprise will NEVER be secure.
Many years ago a large IT company ran a brilliant ad campaign about the need to think differently. In the case of IT systems and Cyber security, thinking differently should include a rigorous appraisal of existing defences, a perspective on the most valuable digital assets within the organisation (and the additional protection they require) and most importantly the need for people to change the way they interact with digital systems (vigilance). To defend against an attack, it’s time to “think like an attacker” rather than work from a viewpoint that attacks follow standardised behaviour, seek random targets and lack rigour and planning. Today’s attackers or attack teams are extremely well trained, often well funded and have razor sharp focus on the target and expected outcome. Old school thinking based on technology will fall short in this new digital age. It’s time for new school thinking based on the psychology of an attacker, as that will surely deliver greater value (protection).
We are in the midst of an enterprise business landscape with an aging work population aligned with traditional IT skills needing to evolve to a revised “digital rich” skills portfolio. This new skillset is likely to be software influenced and will definitely drive the need to think differently, learn now and learn very differently. And to further compound matters, the emerging work force of Generation Y and Z thinkers may not be viewing Information Technology as the “must join” profession of circa 25 years ago. Modern enterprises face the quandary of an old workforce with dated security skills, coupled with a new workforce with skills too new to make an impact – who then will solve the security challenges we currently face? Sadly the skills problem will not be resolved overnight with a major investment in academic level cyber awareness, new age security skills training en masse for existing networking and security personnel plus enhanced employee security education as a mandatory activity within all enterprises. It’s time for enterprise organisations to encourage everyone who embraces the benefits of IT to also be part of the solution to the cyber security challenge.
There has been an age old management quote highlighting the difficulty of managing things that can’t be seen – so why believe it to be different with data and information technology outcomes? Digital data is now the DNA of modern enterprises, with the potential to ignite ongoing success or collapse an organisation to failure. Full visibility of data from edge to core, with the potential to preempt attacks or fast remediate breaches, is now an essential element of the enterprise IT systems operational playbook. Breaches will occur in a digital data rich enterprise due to the challenge of continually appraising human, IT and non-IT systems behaviour in context and in sync. However, enhanced visibility leveraging optimised data analytics can highlight anomalies or areas for further investigation earlier, with the hope it’s early enough for the correct intervention prior to a breach. And if and when a breach unfortunately occurs, “flight recorder” type data playback of the pre and post breach state will accelerate the time to triage and remediate, plus reduce the potential for a mirrored attack. Many highlight “encryption everywhere” as one of the most impactful strategies for data protection and the emerging and very interesting “software defined perimeter (SDP)” approach (zero trust access control and data movement) as instant fixes. There is no doubt that both will be highly effective protection elements, but only as part of a wholesale rethink of security defence, protection and breach remediation.
Enterprises MUST now change their approach and security solutions expectations. The increased use of mobile solutions, cloud computing and virtualisation is not creating a problem for security professionals but instead delivering the potential to “reset” security protection and defence within the enterprise. The days of “adding more layers”, often bigger or higher than previously delivered, are no more – instead it’s time to design a solution for an enterprise in a state of continual attack, not in “comfortable defence”. Effective digital systems security WILL be a primary business enabler in the digital age, as enterprises that fail to defend well, remediate quickly and understand attacks may not survive for long enough to fully recover.
Until next time.
Chief Technologist – Networking, Security, UC – Computacenter UK
After numerous years performing a task (it can be anything from a daily job to fatherhood), you often reach the point of preaching (or maybe it’s just me): “In my day…” or “we didn’t do things like that” and so on… But the rate of change in business driven by information technology (IT) today makes time frames as short as a year ago seem like the “good old days”.
Last weekend was opened by “Black Friday”, a social season that’s skipped across to the UK in pretty much a year to mirror one of the largest retail trading windows in the US – “Thanksgiving”. The Thanksgiving weekend stateside unlocked a retail extravaganza of below bargain prices and frenzied shopping at a level rarely seen in the UK outside of the few weeks that precede Christmas. Even though we don’t celebrate “Thanksgiving” we now have our own Black Friday price crash and shopping madness that I suspect will be here for the indefinite future. So where, I hear you ask, is the IT link? Can IT really be the silver bullet to retail success in a manic market? Not in isolation, as people buying from people, served by people, engaging with people is still the richest emotional experience, but with the dawn of Omni-channel as an essential go-to-market strategy, IT genuinely is the “silver bullet”.
Picture the average UK shopper last weekend (Black Friday weekend):
- The UK news media started to stoke the fire of “Black Friday” days earlier advertising the potential for once in a lifetime deals and prices.
- Consumers via the internet researched current prices and specifications of products of interest.
- Those consumers keen on bargains but without the crush were waiting keenly at 00.00am (and 1 second) on Friday morning to place the first online orders at the Black Friday price.
- Many web sites couldn’t cope, creating a situation that reinforces the importance of robust IT systems, potentially using cloud computing to allow “burst” or on-demand scaling with application delivery controllers that share workloads across both local and global systems.
- As the online trading carried on furiously through the early morning, the retail high street front doors opened and stampedes ensued for many who had researched online, but wanted to visit the store in person (as much for the emotional and tactile shopping experience).
- And as the tills rang and many left those frantic stores bargains in hand, fleets of delivery vehicles were then despatched to deliver both online orders and in-store orders in a manner most convenient to the purchaser.
A quick comparison with the “good old days” and using a similar example:
- The consumer would visit the store, research in store and buy in store (or visit multiple stores until the price or “offer” was right); or research online, buy online; or research online, pick in store; and for both delivery to a location that suits at a time that suits.
Dynamic, highly scalable processing systems, with the capability to burst into on demand resources at peak times, balanced across the globe by high performance, application-aware networks with secure application delivery control, must surely be the only template that can deliver repeated success in this “Black Friday” influenced digital economy. That’s why IT delivered well is key to Omni-channel success (in fact retail success in general). As Europe’s leading user enablement IT infrastructure systems integrator, Computacenter plays a major role in this arena, ensuring time is not just money, but equally ultimate customer satisfaction.
Omni-channel, underpinned by the effective amalgam of IT and human service delivery delivers the best of all of the above. The consumer “Omni-channel” engagement mode (“my product, in my time, my way”) is fast becoming the norm for consumers ever-present today, with few memories of the “good old days”. Buy online/collect in store, research online/collect in-store, browse in-store/buy online – “my way”.
Without Omni-channel the only channel available to the consumer is “your channel”, the channel(s) presented by the retailer. However in today’s personalised digital economy retailers may find if they don’t allow the buyer to engage and interact via “their” channel, they may choose not to transact via the retailer at all. A simple to use, effective online presence is now essential, but alongside UC-enabled customer contact centres, high street-based outlets with engaging staff, customer WIFI, digital signage for rich media advertising and back-end systems that deliver a single customer data view, it’s easy to see how Omni-channel that blends all is quickly becoming the king of the castle.
Until next time.
One of the areas that I’m increasingly reflecting on in my day to day dealings with partners and customers is the changing nature of some of the established IT ecosystems and the disruptive influence that the SMAC stack (Social, Mobile, Analytics & Cloud) is having on them. The changes are far-reaching and permeating all layers of traditional IT infrastructure such as Software, End Points, Networking and Datacenter technologies.
Nothing is making this more apparent to me than in our Group Mobile project that we are running to deliver enhanced capabilities and improved ways of working for our own staff and ultimately our clients looking to embrace this next wave of opportunity, innovation and efficiency.
During a recent analyst event we held, one of our customers, a leading global automotive manufacturer, was sharing the exponential growth of end-points expected to impact their infrastructure over the coming years. I was somewhat startled at the predictions, as I was purely thinking in the context of their employees and their growing demand for mobility, until it was pointed out that they are also intending to bring their production vehicles on-stream over the coming years! The opportunity for them to collect analytics from the use and performance of their ‘product’ will provide insight to improving every single aspect of their value chain in the years to come.
Whether it is the “Internet of Things” or increasing demands for employee flexibility and mobility the infrastructure of tomorrow will increasingly require horizontal interoperability between the various vertical markets and IT ecosystems to enable the full potential of a connected experience. Creating platforms that are communicable, operable and programmable across devices – regardless of manufacturer, model or vertical sector – will be required. The vision is that connectivity between people, processes and ‘things’ should work seamlessly for businesses to truly flourish at scale.
Despite the fact that many emerging vendors are working towards interoperability (just look at the recent change in strategy from Microsoft to enable Office on Apple devices), the present fragmentation – in terms of devices, operating systems, software and a wide range of different connectivity protocols – remains in my view one of the greatest barriers for IT to crack to enable broader adoption. However, we do see some players out there taking the lead in building Enterprise grade platforms that allow us to abstract some of these dependencies and allow IT to enable their businesses through exploiting intelligence, agility and user/consumer empowerment with architectures that transform the way they engage with their systems.
We’re getting close to deploying a platform of this type into production ourselves. Our aim? – to really validate whether this provides us the opportunity to build our own particular ecosystem of technology partners and systems (old and new) to improve not only our own ways of working but drive Enterprise Mobility in this brave new world of consumer led products and services.
Well it’s that time of the year and no well-meaning blog would be complete without some predictions for the coming year. I canvassed some of my team for their views so that we can look back next year and see if they have potential parallel careers as fortune tellers!
First up is Paul who thinks we will see lots of continued uncertainty in the Mobile OS market, with a surprising upswing in Windows Phone and fight back by Blackberry to maintain adoption in Enterprise – that won’t be matched in the consumer world. Somewhat polar to market commentary and headlines – so something to keep an eye on!
Next up is Pete who believes SSD (Solid State Disk) will become standard, across all traditional PC client devices. The cost difference for spindle and solid state has reached such a small difference that the performance benefits and reduced failure rates will outweigh this small price difference. Hmmm, could be good news for Samsung and Kingston!
Pete also thinks we’ll see the death of the docking station (again 🙂 ) – as we move towards more choice and more mobile devices, the desire and ability for a consistent docking experience will be surpassed by wireless peripherals and connected screens.
Next one up from the team is not necessarily good news for the industry and somewhat inevitable in the climate but there is the expectation that at least one major ‘pure play’ reseller (read no services division) will either go under or get swallowed up in 2014.
David in Services also suggests that we might see a short-fall in available UK resources to tackle the backlog of Enterprise Windows XP users that still haven’t migrated – caused by the product formally going ‘end of life’ in April 2014. Not sure if this is a prediction or wishful thinking!!
Finally, we move to Tina and Software. First prediction is that we will see Big Data move into the mainstream as people stop talking about it and start to use information to underpin their business models. 2014 will also be the year that we see the number of software vendors used within Enterprise estates increase as a result of the users opting for smaller ‘app like’ line-of-business tools and not the over specified and under-utilised tools they have today.
Personally, I think that we will continue to be ‘S.M.A.C.ked’ (Social, Mobile, Analytics and Cloud) as a major theme and as the “nexus of forces” continues to empower users through technology and information it will make 2014 disruptive and stimulating for everybody involved in Workplace IT.
So there you have it, down in black and white for judgement next year. I’d be really interested to hear your own predictions for the coming year (related to Workplace IT of course!)?
I hope you have a great Christmas break, and see you all in 2014!
Industry surveys, analyst commentary, our client and partner conversations all suggest that “Mobility” is the hottest concept in enterprise IT, possibly surpassing “cloud” which has dominated the IT agenda in recent years. But haven’t we always been mobile?
We may be in danger of speaking about ‘Mobility’ as if it’s a new concept even though we’ve had mobile work styles and solutions for at least the past 20 years! What is changing, and what we need to focus on, is how technology, user demands and innovation are driving solutions that in turn drive a whole new value proposition around mobility and its application potential across a much broader area. In doing so, we need to reset our definition of “Enterprise Mobility”.
Our Mobile Journey
A mobile worker was once a “road warrior”, based from the company car. Armed with only a work diary, they would conduct the majority of their working week away from the office – meeting clients, taking orders and writing up notes that they would then have to process once they returned to the office and “got connected”. This was how you achieved customer intimacy, but with glaring inefficiencies and challenges that seem so alien to us now.
True, IT mobility started in the laptop era. As hardware became more cost effective businesses could unshackle key users from a fixed office location. Dial up RAS was the first mobile solution, as long as you were near a telephone line! It was better, but still not efficient or flexible. With the emergence of broadband technology and WiFi, mobile working joined the mainstream and with the prevalence of mobile phones users could be connected and contactable. Suddenly users became mobile, productive and contactable! The really important people were also given a Blackberry, the epitome of mobility.
It would be difficult to say that we weren’t mobile, albeit in the early days it could be an inefficient and frustrating experience.
Consumerisation: Redefining Mobility
The mobile workforce was contented, technology was enhancing and connectivity was improving as we moved into the 3G era. Then came an explosion of consumer led technology – devices and cloud services. This moved “mobility” to the next level, and before we knew it, this technology found its way into the corporate world.
Device platforms and form factors changed, but more importantly the technology was much simpler to operate and fashionable, and with strong connectivity it all started to come together:
We can work anywhere, on any device, and at any time.
The only lingering problem was that this was starting to occur under the radar; users were driving this trend rather than the IT department. The term “shadow IT” was coined to define the trend, and now explains the significant challenges facing the IT department.
Challenges and the Future
The future mobile world is a complex mix of all of the things we’ve discussed – devices, connectivity, services, applications and data. We want to be able to work from multiple device types, at any time, in any location and for it to be consistent and at/for our convenience. The nature of work has also changed significantly: competition in the market, globalisation and the demands it places on employees, and the striving for home/life balance are key examples where we as users have had to look towards new technology to help us “keep up” and achieve the right balance.
The demands are unprecedented, and require we architect and think about mobility in a whole new way:
- Abstract the user and their services from the devices that they use
- Support a much broader range of device platforms and form factors
- Mobilise applications and data content
- Govern, manage and secure the services to protect the company
- Put the user needs and experience at the forefront of the design
Those are the guiding principles by which we’re developing our Mobility and Workplace services; Mobility isn’t new, but the challenges and opportunities it now offers businesses are bigger than ever before.
In line with other public sector organisations, the NHS is required to make savings over the next few years. In total, these savings will amount to approximately £20Bn and are expected not to come from front line services, but rather to be found in rationalisation and efficiency savings across the board.
One way in which Acute Trusts and Mental Health Trusts are seeking to meet this challenge is to undertake Estates Rationalisation Programmes. Many organisations have a number of sites which are extremely expensive to run and are often providing limited services which can be carried out better in the community or linked with other NHS delivery to bring efficiencies.
For example, at some Trusts Community Nurses are based at a site where they have to attend each morning to log in to systems and collect their workload before setting off to see patients. At the end of the day, the clinician is required to return to the site to input the results of each clinical session undertaken, as well as ordering any follow ups required. This seriously impacts on the total time available to clinicians to meet with patients.
Technology can help. Making clinical systems accessible over mobile and wireless technologies in a completely secure and safe manner ensures that the clinician is able to access notes and patient details at the point of care. In the case of areas where mobile and wireless coverage is far from perfect (anything from rural areas to city centre housing estates and high rise blocks, for example) systems can be made available in an “offline” mode. In this mode, the clinician still has access to information which is at most 24-48 hours out of date, but still very relevant to the patient.
The ability of these mobile clinicians not to have to come in to a “base” on a daily basis will reduce the amount of wasted time in travelling, and will increase total clinician-patient face time on a daily basis.
But Trusts need to think carefully about how this is achieved. Requirements of the Data Protection Act, the underlying principles of Caldicott and other NHS specific regulations around patient data security cannot be dismissed. The ICO (Information Commissioner’s Office) has been fining NHS organisations large sums for the loss of data, and so Trusts must ensure that data is fully secured both at rest and in transit.
Solutions will need to ensure that mobile devices (including BYOD devices) are properly secured and can be centrally managed – including full remote locking and remote wipe. In the case of clinical information, there is a requirement that the information is encrypted at all times. Furthermore, IT Directors and CIOs will have to ensure that such solutions are not open to “screen scraping” technologies.
But it is not only the information which needs to be secure. We also need to secure our staff. Clinicians are already vulnerable when out working in the community. Some are seen as targets for FP10 forms (prescriptions) or for possible drugs they may be carrying. Others invite attack simply for being a clinician. Equipping these staff with expensive mobile devices may increase the risk of muggings etc.
To prevent this, Trusts must employ strong lone worker solutions. A number of these are available, ranging from solutions which are manual – based on mobile phone usage – to technically adept solutions which track locations (GPS) and have two way radio built into them which can be operated without patients/citizens being made aware. This then allows an emergency call centre to listen in to the situation and summon the appropriate assistance. The small costs of such systems and the decreasing costs of mobile solutions are quickly recovered through the ability of organisations to reduce their estates footprint and to treat more patients in a shorter time.
But a word of warning. It is easy for CIOs and IT Directors to over-promise ROIs and perceived benefits of such systems. Any such implementation should be done in a phased approach allowing impact on services and savings to be correctly measured and monitored before a whole systems roll out. There are issues around ICT training, availability of hardware and solutions, security and even clinical adoption which need to be carefully ironed out before any programme is initiated. And one of the major reasons for failure of IT Programmes in the NHS? Clinician Engagement – the Trust must ensure that key clinicians who represent their areas are involved in the design and build of any mobile solution.
As an IT person, I can design a technical solution which will best meet the technical need – I cannot design a solution to be used in clinical areas without clinical input. I will only look at the technology; I need the clinicians to tell me how they work to ensure that workflows are logical to the use cases. Running a Proof of Concept with a partner of choice who is technology and vendor agnostic will allow Trusts to mix and match all solutions available to find the best approach for their specific clinical and business needs. Not all mobility solutions are the same, and not all security solutions are designed with the mobile workforce in mind. Overall, Trusts need to ensure that they select the right partner who is able to work closely with them to assist them in achieving their goals.