The Manchester-based tech company has earned a commendation from Most Loved Workplaces for its unwavering commitment to crafting a positive and thriving corporate culture that resonates with its workforce.

Underpinned by the meticulous research and insights provided by the esteemed Best Practice Institute (BPI), Most Loved Workplaces utilises its proprietary Love of Workplace Index to comprehensively gauge employee satisfaction and sentiment. This comprehensive evaluation encompasses essential aspects such as mutual respect, seamless collaboration, unwavering support, and a profound sense of belonging that individuals experience within their organisational environment.

With an impressive 97% employee confidence score, M247 has manifested its commitment to nurturing a workplace ethos that resonates with positivity and appreciation. The company has consistently championed initiatives and practices that contribute to cultivating an atmosphere of camaraderie and mutual respect.

This accomplishment underscores the company’s resolute dedication to placing employees squarely at the heart of its operational framework. Notably, M247 has also distinguished itself through its remarkable ability to foster cross-level collaboration throughout the organisation, charting a promising course for the future.

Louis Carter, founder, and CEO of BPI said: “I started Most Loved Workplaces out of inspiration from my community of people who consciously place love for their employees at the centre of their business model.”

Rich Hughes, Chief People Officer at M247 said: “The ethos of loving employees is engrained in our core values at M247. I’m delighted to see that we have been recognised by Most Loved Workplaces with this prestigious certification.

At M247, we value our people greatly, we see them as people who can power technology, and credit them largely in the formation of our strong company culture; something that has become so instrumental to success in today’s competitive tech sector. We will continue to work hard at maintaining a workplace where every voice is heard and valued, and one that is loved by our team and employees to come.”

The post M247: Awarded Most Loved Workplace Certification appeared first on M247.

In the penultimate Article of the Week from Raconteur’s 2023 Cloud for Business Report, as distributed in The Sunday Times, we look at an article from LzLabs, which argues in support of businesses taking a methodical approach to legacy modernisation.

What is new in tech today, will be old tomorrow. As businesses attempt to become more agile, the adaptability of their key technology, applications and hardware is often in question. Over recent decades, this has certainly been the case with mainframes, on which companies base many of their key applications. Similar change has also affected even the most modern enterprise resource planning platforms and cloud-based apps.

But modernising existing setups should not necessarily involve complete replacement. In fact, many aspects of an organisation’s technology architecture are there for good reason and remain critical to core processes. Elsewhere, however, parts of an IT infrastructure might not be as adaptable to current demands and shifting business objectives. Rather than looking for a silver bullet to solve these issues at once, a more nuanced approach is necessary.

“Many companies are moving away from running data centres and mainframes due to the costs and complexity involved,” explains Thilo Rockmann, chief executive of the mainframe transformation and modernisation company LzLabs. “Executives at a car manufacturer or a retailer, for example, might ask themselves: ‘Why would I want to spend resources running a data centre when I have more pressing business priorities to focus on?’ While this question is understandable, there needs to be a more nuanced view of what needs modernising and how.”

At the same time, businesses are facing a growing skills problem. In many cases, personnel who implemented these older systems or wrote the source code have not only quit the company, but left the workforce entirely. Their retirement means organisations have some loss of control over core systems.

Worsening the situation is the fact that data centres typically rely on multiple technologies, from operating systems such as UNIX and Linux, to different processor architectures such as ARM and x86, as well as multiple coding languages including COBOL and Python.

‘Big-bang’ change

When tackling these problems, companies are increasingly attempting to ‘lift and shift’ all their IT and data to the cloud, hoping that centralised technology will solve their operational concerns.

“The pressure around this ultimately comes from business leaders, who want tech change and business model adaptation to happen more quickly and for systems to meet multiple emergent demands,” Rockmann warns. “It’s a bit like having hundreds of people working on a spreadsheet, and expecting it to be switched to offer the capabilities of a database – sometimes a system just can’t keep pace with requirements.”

Among some executives, the idea that the grass is greener with a different setup typically leads to a strategy of shifting to a singular system or service. In practice, when businesses implement a central off-the-shelf platform, many later regret being tied in with one vendor and unable to customise the technology. So-called ‘big bang’ shifts also end up taking so long to prepare that the requirements

have often changed by the go-live date. Alternatively, businesses may hand over all systems to a cloud host, perhaps mistakenly allowing key knowledge to leave the company.

By contrast, other businesses attempt to rewrite large tranches of their software. However, this quickly becomes incredibly complex and takes longer than leaders usually expect. Developers may realise that either the source code is nowhere in sight, or the documentation they have is not representative of the system in live production.

Methodical and iterative improvement

A more effective approach to legacy modernisation is to work step-by-step towards an innovative and adaptable setup. This means tech leaders recognising nuances in their company’s changing needs, and in how their systems serve these requirements.

“Modernisation is really like solving a complex mathematical equation, you can’t jump to the answer,” Rockmann explains. “The only way is to work step-by-step in analysing system strengths and then making the right changes in sequence, without too many concurrent moving parts.”

Businesses should start by recognising the value in the systems they have with a view to preserving what works. They then make changes only where necessary, focusing on introducing a fluid pace of modernisation that delivers steady results from early in the process. This approach also means ensuring interoperability and the use of open source software where possible, to avoid being tied into a particular vendor.

“Sometimes businesses need to make a leap in aspects of their modernisation, but as a rule it’s far better to be cautious and considered when it comes to introducing technological change,” Rockmann says.

The benefits of a more measured approach are twofold. First, the risk of technology failure is minimised because businesses move away from big bang thinking towards a continuum of change supported by an agile culture and an ability to course correct. And, second, IT staff and an organisation’s entire workforce have the chance to adjust and develop with the new ways of operating.

Success in practice

Companies worldwide are working to adopt this effective approach and deliver legacy modernisation that meets current and future business needs.

As broader economic conditions evolve and business leaders push for more rapid operational and business model transformations to meet these new realities, IT departments are under immense pressure to maximise the value of their systems and any changes made. The smartest companies are carefully undertaking legacy modernisation, while retaining essential parts of their IT infrastructure and placing them in improved environments. Those that act assertively, but with consideration and methodical change, position themselves well for long-term success.

M247 opinion/thoughts

Whether it’s cloud migration, cloud repatriation or legacy modernisation, there’s a lot of talk at the moment about the need for businesses to take a considered, methodical and individualised approach to implementing technological change. It makes sense. Businesses are operating in increasingly complex and individualised external environments, and it’s imperative that their internal environments can remain flexible to the shifting demands of the business and its workforce. What works for one business won’t work for another. This is as true of legacy technology as it is of the cloud environment, and businesses will be well served by avoiding falling into the trap of ‘shiny new object’ syndrome. The newest technology isn’t always the best – not for every business. And in fact introducing new tech without proper forethought and consideration of the rest of the environment can cause significant issues and disruption down the line.

Some element of modernisation will undoubtedly bolster the capabilities of most businesses that still run legacy applications and software in legacy environments, but as this article says, there really is no silver bullet. Legacy environments are often complex, specialist and sprawling – they have been built, tailored and tweaked over sometimes decades, and this can’t be easily or quickly replicated. There’s mutual operability, delicately intertwined processes and workflows, and the only way to really preserve the functionality of the environment is by taking a methodical, fine-grained approach to modernisation.

With the right approach and the right support, however, businesses can harness the best of modern technology to support a legacy environment that has served the business well for decades, to ensure it will continue to do so for years into the future.

To download your complete copy of 2023 Cloud for Business report and read more articles like this, click here

The post Article of the Week: Legacy modernisation: there is no silver bullet appeared first on M247.

In our final article of the week from the 2023 Cloud for Business report we take a look at the article originally written by Marc Ambasna-Jones, explores what businesses need to consider when migrating to the Cloud to drive cost efficiencies.

Uber announced in February that it is ditching its on-premises data centres and moving its business to the cloud with Oracle and Google. IT professionals around the country would not have been in the least surprised by the news.

This was another example of an organisation admitting it’s not in the business of running data centres. As its CEO Dara Khosrowshahi put it, Uber is in the business of “revolutionising the way people and products move across continents and through cities”. Not forgetting that the deal with Oracle aims to “maximise innovation while reducing overall infrastructure costs” for Uber.

There it is in a nutshell. Cloud computing can help firms to slash costs and free them up to focus on what they do best. If only it were that simple.

Uber’s shift from running its own data centres to moving to cloud services is significant. As Steen Dalgas, senior cloud economist at cloud infrastructure firm Nutanix suggests, data centres have become “increasingly expensive and complex to run”. Volatile energy costs and coping with the scale of generated data have made running data centres untenable, which is part of the reason the cloud seems so attractive.

But firms must be careful. The image of cloud computing as a cheaper alternative is fair enough – to a point. Dalgas talks about the sticking plaster analogy and highlights how one of Nutanix’s customers started a cloud transformation three years ago, only to determine it was “too difficult and expensive to go to the public cloud”. It’s indicative of the image. Hitting the wall with public cloud for Nutanix’s customer meant going back to basics, modernising the entire infrastructure and taking a hybrid approach to the types of cloud services it needed to fulfil its business goals. Saving costs was just one of its aims.

While a Forrester report, Navigating the 2023 Downturn: Technology Executive, points to “a strong cloud strategy” as one of the key elements to face up to a recession, it comes with caveats. As Dario Maisto, senior analyst at Forrester, warns: “Cloud is the means to an outcome, not the outcome itself.” Maisto adds that cloud migration goals need to move beyond cost-cutting.

Cloud platforms and services do allow firms to move expenses from capital to operation expenditure, so there is some accounting gain. But the case for cost reduction is limited. And as Maisto points out, the “pay-as-you-get dream” can quickly become a “pay-as-you-forget nightmare” – a bit like signing up for a gym membership in January and then realising in August that you’ve been regularly paying for something which you haven’t been regularly using.

In PwC’s 2023 Cloud Business Survey, 78% of those who took part said they have adopted cloud to some level in most or all parts of their business. Yet more than half have not realised the outcomes they were after, such as lower costs, greater resilience and new revenues.

“An IT-centric ‘lift-and-shift’ approach to moving to the cloud or simply running functions or parts of a business on the cloud is not enough to make a difference,” says Warren Tucker, a partner and cloud and digital lead at PwC UK. “This is where businesses can miss out on opportunities.”

The lift-and-shift model, which is also known as rehosting, is when a business moves exactly what it is running on its own servers onto cloud services. Traditionally, this has been public cloud via one of the big providers, such as AWS, Microsoft, Google, IBM, Oracle and Alibaba.

According to Dalgas, the thinking around public cloud has shifted. Two years ago, due largely to the pandemic, conversations were mainly around using public cloud services for every workload. Today, that is no longer the case. Businesses are looking at specific workloads and choosing appropriate cloud services to fit. By assessing each workload through a set of metrics, including cost, data sovereignty, security, compliance and so on, businesses can determine the most appropriate route to take.

“Steady workloads work better in private clouds. The economics stack up better,” says Dalgas. “But if you are running a project or data processing for just two days a month, very spiky workloads, you will be better off in the public cloud, which is more elastic.”

There is plenty of chatter online that this year will be the year of cloud repatriation, with businesses moving away from the large public providers and adopting a hybrid strategy. It’s a hangover from the Covid crisis when so many businesses panic-bought public cloud services to enable remote working. The costs of public cloud have since been rising rapidly and, according to Gartner, spending on cloud will continue to dominate IT budgets this year.

With good reason. As Sid Nag, vice-president analyst at Gartner says, inflationary pressures and macroeconomic conditions are having a push-and-pull effect on cloud spending but cloud will continue “to be a bastion of safety and innovation, supporting growth during uncertain times due to its agile, elastic and scalable nature”.

This multi-cloud or hybrid strategy – a mix of public and private cloud services – is, according to IDC at least, expected to be the main beneficiary of this line of thinking. In its report FutureScape: Worldwide Futureof Digital Infrastructure 2023 Predictions, IDC claims that those organisations that can best optimise multi-cloud and hybrid digital infrastructure environments “consistently realise higher levels of operational resiliency, security, revenue growth, and overall productivity at scale”. All features prized in times of economic uncertainty.

The actual mix of cloud services will depend, as Dalgas says, on workloads. Factors such as data sovereignty, the kind of data processed and the number and quality of SaaS vendors involved can determine the direction. Whether or not the organisation works in a regulated industry is also a big factor.

Maisto suggests that a hybrid cloud strategy can deliver a certain flexibility to cloud expense management but would inevitably add a layer of complexity to the infrastructure and applications landscape. This will likely come at a cost, he says, so it has to be weighed against the actual savings and functionality gains. A cost-effective cloud strategy will leverage all the opportunities offered by the cloud vendors to reduce costs and will be successful only if cloud costs are carefully monitored.

This is where FinOps comes in, which enables organisations to manage their cloud costs more effectively. It also promotes collaboration between finance, tech, and business teams in the public cloud, to drive more accurate data-driven decision-making.

A measured approach will be needed more than ever during difficult economic times. Businesses will be defined by how they balance the desire for automation, IoT devices, increased flexibility in the workplace and multi-channel experiences for customers, with the expense of cloud computing services.

Cloud computing is not the panacea for managing costs during a recession. But, provided it is managed carefully, it will certainly help.

M247 opinion/thoughts:

The notion of the Cloud as an automatic driver of cost efficiencies has paled significantly over the past 12 months. The lift-and-shift scramble into the Cloud that many businesses undertook at the outbreak of the Covid pandemic is in many cases now actively driving inefficiencies. Businesses find themselves with cloud environments that are burdened with often massive – and costly – overprovisioning, duplication, redundancy and superfluous services.

Understandably, many businesses are turning to repatriation to combat spiralling cloud costs. But, in much the same way as lifting and shifting to the cloud has proven problematic, lifting and shifting out of it is likely to result in similar cost and operational inefficiencies down the line.

Any fundamental changes to IT infrastructure benefit from expert input and a tailor-made approach. There’s no one-size-fits-all approach to business, and no one digital environment will work for every organisation.

FinOps offers a good framework for driving cost and operational efficiencies across the business, ensuring, as it does, insight and buy-in from key stakeholders and decision makers. But businesses may also benefit from seeking input from outside the organisation – a trusted technology partner can provide expert guidance around bespoke hybrid deployments, as well as insight into longer-term strategic technology decisions.

To download your complete copy of 2023 Cloud for Business report and read more articles like this, click here

The post Article of the Week: Clouding the issue: firms rethink how to manage data appeared first on M247.

As we approach the end of our Article of the Week series, in which we have highlighted the key themes and content from this years Raconteur Cloud for Business report we put tech in the insurance sector under the spotlight…

By now, businesses are no stranger to recovery and reinvention. Preparing for tomorrow’s economic and geopolitical disruptions is part and parcel of good governance and requires organisations to prioritise resilience. Everything from weathering the recession to addressing climate change begins with insightful, decisive leadership. Without it, businesses risk being at the mercy of events rather than rising to the challenges they present.

Few sectors understand this principle better than insurance. Indeed, protecting companies, governments and communities from increasingly unpredictable global shocks is the industry’s bread and butter. But even for insurers, adversity has made meeting client expectations and shareholder demands more pressing – and more challenging.

Robust cloud operations have become essential for establishing efficiency, flexibility and resilience and helping insurers navigate geopolitical tensions and global shocks. When executed well, they have the potential to streamline the process of developing and pricing new products giving leaders the confidence to enter new markets, despite rife uncertainty. But, while the world might be especially volatile right now, there are exciting growth opportunities too.

Peter Phillips is the president and CEO of Aon’s PathWise Solutions Group within Aon’s Strategy and Technology Group, which offers a GPU SaaS enterprise solution for life insurance companies for reporting, hedging, new product development and pricing of structured reinsurance solutions. He believes that now is the time for insurers and reinsurers to embrace the agility and resilience the cloud yields to capitalise on these opportunities through better and more timely business intelligence.

“Management’s need to understand what’s happening around them to make better decisions has never been greater … and the cloud plays a key role in managing complexity and improving decisions and outcomes for businesses in a cost-effective manner,” says Phillips.

Advanced data analytics, powered by the cloud, provides insurers with a deeper understanding of their portfolio mix, allowing them to adjust their business strategy quickly and deploy or reallocate capital more effectively. Accurate data drawn from every area of the business that is centrally available for instant analysis can also help the C-suite identify and resolve inefficiencies that may otherwise restrict growth while extracting actionable insights at speed and scale.

“In the life insurance space, users are able to interrogate their data warehouse and think about the next generation of products using modern technology like green GPUs, which use a seventh of the power versus conventional CPU-based cloud solutions and also offer a material speed up in computation time,” Phillips continues.

For insurers, modelling tasks have understandably grown more complicated in recent years. “There’s greater climate volatility, for example, and people want better management information (MI) to respond,” says Alun Marriott, technology chair of Aon’s Strategy and Technology Group. “As computational power has increased, the cloud helps insurers access this power efficiently without the inherent economic and environmental costs associated with on-premise data centres.”

Catastrophe modelling has taken a giant leap forward in recent years; artificial intelligence can provide insights that would have been impossible in the not-too-distant past. “A satellite can now fly over a town hit by a hurricane, and an AI engine can work out the resulting damage to property,” says Marriott. By sharing cloud hardware, insurers can accelerate their response to those affected and offer meaningful, timely support.

“The cloud allows companies to embrace better and faster technology that would otherwise be out of reach to them,” Marriott says. “That gives them access to better MI, better decision making and better support for their customers.”

Through advanced modelling, analytics, automation, and hedging simulations, Aon’s PathWise platform uses powerful, scalable parallel GPU processing to improve organisational workflows and cut complex life insurance calculation times down from days to a few hours or minutes. From a growth perspective, automating routine tasks through cloud-enabled machine learning tools frees employees to dedicate more time to activities with tangible strategic value.

Thankfully, transferring operations from on-premise to the cloud or shifting to a new SaaS solution has also become more efficient. “While in days gone by you’d have to recode everything from scratch, nowadays templates and workflow tools can help you automate the conversion and reduce the cost of onboarding a new solution,” says Marriott.

Once the switch has been made, insurers need only pay for the storage and computing power they need to perform certain tasks. “It’s far more efficient to only commission the resources you actually need rather than leave kit unused in your own data centre,” he continues.

By reducing the vendor lock-in that often goes hand-in-hand with legacy systems, insurers can also integrate tools from different suppliers with minimal fuss. “It’s a more integrated network of components,” says Marriott, “and that allows you to scale up and scale down as the business changes, so firms can enter new markets and also leave markets in a more measured and dynamic way.”

However, he also notes that, in some ways, spending money comes all too easily within a cloud-based environment, so the C-suite must have a clear understanding of precisely where the cloud adds value. “You can add on servers and capability very easily, so you’ve got to be much more careful about controlling what you buy and why you buy it and then reducing capacity if warranted,” says Marriott.

Phillips outlines the questions that decision-makers must ask themselves before financing cloud infrastructure: “What are the cloud costs? How does it map back to the strategy? And who are the service and solution providers with deep experience that they can really partner with companies to obtain these cloud efficiencies?”

Beyond a company’s growth goals, reducing the demand on data centres also generates substantial energy savings, keeping organisations on track to meet their ESG ambitions. For example, Aviva is transitioning its life model to the Tyche platform. The anticipated speed and efficiency gains from the switch will allow the insurer to permanently reduce the number of servers it uses.

Meanwhile, Zurich Insurance has minimised its physical hardware by adopting Aon’s ReMetrica Cloud Solution. The global insurer’s catastrophe reinsurance model requires substantial computing power to run but is only operational at set times each month. After considering various infrastructure options – including upgrading its internal hardware – it now deploys the service on-demand. Zurich is only charged when it uses additional cloud capacity to run its model, and simulation time has been drastically reduced.

In other words, the cloud offers insurers a platform for meeting their green goals while supporting resilience, cost and efficiency gains. And the benefits reach far beyond the insurance industry, impacting businesses, governments and communities that need protection in a fast-changing world.

M247 opinion/thoughts

The Cloud can play a critical role in helping insurers navigate an increasingly complex and unpredictable landscape, offering fantastic gains in terms of agility, resilience and flexibility to ensure firms can thrive in a fast-changing world. Key to this is the access to advanced data analytics that the cloud affords, allowing insurers to gain valuable insights, make better-informed decisions and respond quickly to emerging risks and opportunities. Being able to model and simulate scenarios using AI and cloud-based tools opens up new possibilities and empowers firms to offer proactive and timely support, streamline workflows, reduce operational costs and, in some cases, reduce environmental impact.

It remains essential for individual decision-makers to carefully consider the value the Cloud can bring to their organisation, as well as to plan strategically to prevent unnecessary provisioning and spending.

In the age of the conscious consumer, it’s also incumbent upon insurers to ensure any sustainability claims can be backed up. The Cloud, like any technology, is energy-intensive and comes with a carbon footprint, and insurers wanting to avoid accusations of greenwashing will need to do their research around sustainability practices at their cloud provider’s data centres. With the right provider and the right solution, however, the Cloud offers an opportunity for insurer to drive innovation, improve customer experiences and loyalty, and drive their sustainability goals to create a brighter future for all stakeholders.

To download your complete copy of 2023 Cloud for Business report and read more articles like this, click here

The post Article of the Week: Risk and reward – How do insurers identify strategic value in the Cloud? appeared first on M247.

But what does this mean in the context of restricted budgets and reduced resource?  This week our focus article from the 2023 Cloud for Business report, as distributed by Raconteur in The Sunday Times, looks at the topic of cybersecurity and how businesses are responding to heightened cyber risk.

Given limited time and constrained budgets, businesses are finding the most effective solution to today’s increasing IT security demands is to bring in managed best-of-breed setups, backed by risk transfer services.

As mid-market businesses advance their cloud computing, digital transformation, and hybrid work models, significant cybersecurity challenges are emerging. For IT departments, the most pressing demand will be to manage and operate an unprecedented array of disparate connected devices, enabling users to access applications and data from branches, stores and field locations and home-working environments. They must also ensure there is a consistent quality of experience, without compromising security.

The problem for these technology teams is they often lack the resources of IT departments in larger corporations. They also face a confusing, extensive array of options when trying to make purchase and deployment decisions. Some respond to this issue by investing in services from a single vendor. This strategy may seem appealing from a management standpoint, but it typically involves using one-size-fits-all systems with limited effectiveness. Others attempt to combine multiple advanced technologies, and become submerged in the expense and intricacy of operating them.

Moving towards insurable setups

“Traditionally, many businesses have been advised by experts to put in a single vendor solution, with the aim being to reduce the integration burden and simplify control,” explains Gareth Davies, Executive Vice-President, managed services at Fulcrum IT Partners. “But this can be very misguided, as the vendor providing them with a firewall is not necessarily proficient at endpoint protection, for example. Moving to a single vendor also involves a significant operational transition that is costly and resource heavy.”

Some businesses are instead adopting the best-of-breed approach, choosing the most effective security and business continuity services in each area to achieve the strongest possible protection. However, these systems must be both fully integrated and independently managed on an ongoing basis to keep up with new security threats.

“For many companies, this is far too complicated and costly a challenge, and they will always lag behind the threats that are out there,” Davies says. With cybercrime and data breaches becoming increasingly commonplace, companies also need to consider their options for risk transfer. It is essential they put in place cyber insurance to cover financial losses associated with a cyberattack, such as legal expenses, data restoration costs and reputational damage. However, buying cyber insurance can be a challenge in itself. As a relatively new type of cover, there are many uncertainties and complexities associated with it. Cyber risks are constantly evolving, which makes it difficult for insurers to accurately assess the potential risks and develop adequate policies. As a result, it can be difficult to find an insurer willing to take on the risks associated with a particular business, and many insurers have either backed out of the market entirely or substantially reduced their cover.

“Insurers often rely on simple questionnaires that fail to establish satisfactory insights, leading them to decide they cannot quantify the risks with enough clarity,” Davies explains. “For companies, demonstrating robust cybersecurity practices is so difficult that many insurers will simply refuse to provide policies. When insurers do consider approving a client for cyber coverage, it’s often not at the price point or offering the level of cover that the customer requires.”

The rise of managed services

These dynamics have prompted the rise of more effective forms of managed security, which are capable of addressing the concerns of both mid-market businesses and the insurers seeking to financially protect them. These managed security providers have several core focus areas: implementing best-of-breed security from across different vendors, integrating those services, administering them, providing insights and protecting customers both operationally and financially.

Businesses are increasingly working with managed service providers to ensure they have this level of defence and financial protection. “It’s incredibly challenging for businesses in the mid-market to ensure they have the right levels of protection in place, and to be sure they can recover systems quickly in the event of a breach. We work with our customers to assess their setup, advise on security choices, implement the relevant systems, and then manage the technology on an ongoing basis,” Davies says. “We invest heavily to ensure our staff are fully up-to-date with the latest innovations in cybersecurity and emerging threats, so we can better protect businesses.”

Secure SD-WAN in practice

One of the first steps is to implement a managed, secure SD-WAN layer. By adding this virtualised layer to their wide area networks, businesses become more agile and can unlock cost savings in their connectivity, all while increasing security and observability.

“We offer businesses a secure SD-WAN solution called Titanium, which converges high-performance SD-WAN and virtual, next-generation firewall-security capabilities into a single managed service. This removes the complexity of managing multiple network and security point products, while delivering a secure, optimised network experience across users, devices and applications. And for many companies, this can also unlock the opportunity for some cyber risk transfer and warranty, providing additional protection and peace of mind,” Davies explains.

Companies often operate highly distributed environments, spanning multiple industries and geographies. Migration to a managed, secure SD-WAN solution enables the introduction of effective multi-layered security, reduced costs and improved application effectiveness and control. For mid-market businesses, although there is no silver bullet to protect against the ever-growing array of cybersecurity threats, there are some highly innovative response services available. With new approaches to layering security with SD-WAN technology, backed by strong access to relevant cyber insurance, companies can protect their business operations and data from an evolving threat landscape. And they can do it in a way that is both simple and affordable.

M247 thoughts: 

There’s no doubt businesses across all sectors are feeling the pinch at the moment. It’s been a difficult few years for most, with the impact of Covid-19, Brexit, market uncertainty and the cost of living crisis converging to paint a pretty bleak picture for budgets. Then factor in an increased cyber threat and an unprecedented IT talent shortage, it’s no wonder so many mid-sized businesses are looking to managed service providers to help them get more security bang for their IT buck.

The impact of the talent shortage isn’t simply about resources, of course. Although businesses taking care of their own cybersecurity do need the manpower to deploy and maintain functions, they also need the time to invest in keeping abreast of the latest threats, attack vectors and preventative tools. This would arguably be more than a full-time job for even a decent-sized IT team. Businesses are increasingly aware of this, and are turning to managed solutions from trusted providers who have not only the time, talent and resources to commit to the task, but access to better rates on the best tech. And when businesses leverage multiple solutions from multiple vendors, each with a different specialist product, these benefits are multiplied to arm businesses with the most robust, most cost-effective cyber protection.

Gareth Davies is right in suggesting SD-WAN will form the strongest possible foundation for multi-vendor cybersecurity. Over the next few years many businesses are likely to be making the decision about whether or not SD-WAN is the right choice for them, and it’s likely to become a key security differentiator for those that opt for deployment. SD-WAN is a primary enabler of secure access service edge (SASE) solutions like ZTNA, secure web gateway and next-gen firewalls, among others, and these will be crucial for protecting businesses as attack surfaces grow and cybercriminals become increasingly sophisticated.

It’s worth also bearing in mind that, with insurers looking increasingly reticent about cybersecurity policies, the strictest security measures will increase the chances of getting cover. Many insurers have tightened up their underwriting guidelines and are asking more questions of the businesses applying for cyber liability insurance. Those businesses leveraging the best solutions from multiple trusted providers will be the ones that are able to mitigate even more of the financial risks associated with cyberattacks, putting themselves in the best possible position to safeguard their assets and reclaim any losses.

To download your complete copy of 2023 Cloud for Business report and read more articles like this, click here

The post Article of the Week: Why businesses are moving to managed multi-vendor cybersecurity appeared first on M247.

Our article of the week series highlights key themes and content from the 2023 Cloud for Business report. This week’s article looks at how retailers can adopt a data-driven approach and utilise cloud-based technology to help enhance their customer understanding.

Retail is the beating heart of the UK economy, directly responsible for 5% of GDP and nearly a tenth of all employment, according to the ONS. Indirectly, its impact is even greater. As a principal touchpoint for consumer spending, however, it feels the peaks and troughs of economic activity the sharpest. This has been accentuated by a shift to ecommerce, which had grown gradually over two decades and then drastically accelerated when Covid-19 restrictions pushed online shopping to over 30% of retail sales.

Although the Bank of England now predicts a recession in 2023 to be shallower and shorter than previously expected, this particular economic downturn is unique in that retailers are feeling the impact on both their sales and their cost base. Typically, unemployment increases in a recession and a surplus of available talent enables companies to better control their salary bills. But this time, with unemployment at record lows and inflation high, retailers are under pressure to pay their staff and suppliers more while their customers are spending less during the cost-of-living crisis.

The pandemic and Brexit also magnified flaws in the just-in-time supply chains that have become prevalent in recent years. While this model enables companies to be lean and agile during normal times, when supply or demand is majorly affected they can quickly find themselves unable to keep up with customer orders, affecting loyalty. In a study by Edit and Kin + Carta, just 6% of consumers claimed loyalty to any ecommerce brand, making it the worst-performing sector. Retailers are often guilty of conflating customer habits with customer loyalty. Rather than just repeat behaviour, the true factors of a customer’s loyalty are likely to be convenience, cost and inclusivity.

“We’ve seen consumer expectations shift drastically over the last few years, from demands for seamless ecommerce platforms and sustainable produce and packaging to how they discover, purchase and pay for goods,” says Andre Azevedo, CEO of Ancoris, which helps companies innovate and transform through the use of Google Cloud. “The reality of retail is that it’s so affected by external factors. But consumers are in fact still spending – albeit in a more targeted way – and there are plenty of ways retailers can remain competitive. The answer is in the data.”

The power of a single customer view

As a key enabler of an AI and data driven retail strategy, the Cloud is crucial. The route to brand loyalty in the retail sphere remains startlingly simple – deliver to customers the products they want, at the time they want them, through an easy process of buying and (if necessary) returning. But achieving that in an increasingly omnichannel environment is far from simple, and altogether impossible without the ability to centralise, organise and analyse data.

Customer centricity requires a holistic understanding of the customer, which can only come from a single view of all relevant data, enabling retailers to make better and more informed decisions throughout the entire life cycle of getting a product to a consumer. That single-customer view not only enables an understanding of what they want today, but also predicts and helps influence what they are likely to buy in the future. Such a nuanced and evolving understanding of customers relies heavily on the right data. “That’s where cloud technology comes into play,” says Azevedo. “You need a secure, robust place to store, organise and apply machine learning and AI models to your data, and visualise it in a way that enables decision-making. The cloud is a key enabler for implementing these transformative processes.”

Cloud technology and digital platforms are intrinsically linked as they can be built and improved quickly, as well as scale virtually without limits. Cloud technology is now incredibly mature and includes lots of best practices and out of the box solutions that customers can leverage to accelerate adoption, build their IP on top, and ultimately deliver frictionless digital experiences for their consumers.

Retail for the future

The technology is only one piece of the puzzle, however. It’s only when customers can apply cloud technology to build industry-specific solutions that they see true transformative impact. Ancoris leverages Google Cloud suite of technologies combined with industry expertise and capabilities to build bespoke solutions that solve specific retail use cases, such as increasing personalisation, building the modern store, capturing omnichannel revenue and driving sustainable operations.

“Retailers can and absolutely will thrive in the future, including physical stores, but only by providing an experience that customers really want. They have to use data and AI to build out a single view of the customer to predict what is going to be most valuable to their customers. Only by doing that can they really meet the needs of consumers wherever they are in the omnichannel journey. Industry focused solutions will bring best-in-class technology to companies to differentiate them by focusing on experience and bringing their brand promise to life in the most compelling way.”

M247 thoughts: 

For retailers, taking a customer-centric approach to business strategy is becoming less a ‘nice to have’ and more an absolute must, especially if they want to remain competitive. Customers have more choices than ever before, and their purchasing experiences are fast becoming the primary differentiator when it comes to choosing – or losing – a brand.

The premise of this article is that customers want a frictionless brand experience, whether that’s finding the right product within seconds of beginning a search, making a purchase in as few actions as possible, or being able to contact customer service teams whenever and however it fits in with their lifestyle. Whether or not this is true of all consumers, it can certainly be said that data is the key to unlocking this type of omnichannel experience.

But businesses need to avoid the trap of thinking more data is better. Great customer experiences rely not just on data, but on good data.

 In order to deliver the best customer-centric experiences, businesses need to do more than simply collect data about the people who are buying from them. They need to collect relevant data, manage it effectively, eliminate data silos, connect and enrich relevant programs, platforms and applications, and then deliver actionable insights to the people who need and can act on them.

 The right cloud solutions, supporting the right automation, analytics and AI tools, can undoubtedly help to streamline the customer journey, but the onus is on businesses to ensure they are collecting the right data from the right sources – to not only ensure those tools are working effectively, but protect customer privacy and nurture that all-important trust.

To download your complete copy of 2023 Cloud for Business report and read more articles like this, click here

The post Article of the Week: Customer centricity, data and AI – a future-proofing trinity for retailers appeared first on M247.

In the latest instalment of our Cloud for Business article of the week series, where we highlight key themes from the Raconteur report distributed in The Sunday Times, we take a look at why businesses may be turning their backs on public cloud and bringing data and applications back in-house.

For well over a decade, businesses of all sizes have steadily placed their digital systems onto platforms run by large cloud providers. Everything from CRM and data storage, to new applications and analytics, have ended up on the servers of major cloud providers, which are shared between multiple businesses.

While executives often have strong expectations about saving money and ensuring elastic scalability, the realities of using public cloud services can be more complex. In many cases, businesses endure spiking costs, unexpected add-on expenses, security problems and little influence over the technology being used. A recent outage at one of the world’s largest cloud providers saw thousands of businesses’ core email and collaboration systems go offline for several hours.

“The buzz around public cloud provision has been really big, and to some degree that’s understandable given its scalability. But businesses rarely understand what they are actually getting into,” explains Jake Madders, co-founder and director of managed hosting provider, Hyve.

Typically, migrations to the public cloud are kicked off by well-intentioned developers, who see its capacity to support important and growing applications without having to buy new servers. But prices are rising as the number of providers in the market dwindles. Companies also experience ‘bill shock’ when they have surges in network traffic, which can happen for reasons as diverse as a successful marketing campaign and a DDoS  security attack.

There is another hidden cost. “Typically, businesses moving to the public cloud quickly find they need consultancies to help them manage the technology on a daily basis, given the complexity of choices in front of them at every stage. These consultancy costs often equal or exceed the actual cloud provision costs and these challenges have prompted many businesses to rethink their approach. There has been a strong trend towards cloud repatriation, which means pulling data and apps out of the public cloud, and back into controlled, secure private cloud setups,” explains Madders.

Private cloud gives businesses their own managed, dedicated servers, stronger security, better disaster recovery and backup options, consistent support and much more control over costs and technology choices.  Businesses are choosing and running powerful, cost-effective and secure private clouds that meet local needs, including around low latency, data sovereignty and on-the-ground support.

“Choosing servers, processing power and a myriad other options is incredibly complex, particularly from a cost and performance perspective. As businesses look to retake control of their cloud infrastructure, moving away from a reliance on a single provider, they are turning to the private cloud. Doing so empowers them in mission-critical areas – including high-performance computing and artificial intelligence – massively increasing their business capabilities and efficiencies.”

M247 thoughts: 

Businesses looking at the headline costs of public cloud might understandably be weighing up the financial benefits of repatriation – not just to private cloud, but back to private servers. The cost of networking, storage and compute hardware has dropped over the past decade, and in certain cases it will make economic sense to move workloads back to traditional data centres.

But businesses also need to consider why their public cloud costs might be so high. Chances are, there are some inefficiencies that can be remedied.

At the height of the pandemic, many businesses were forced into lightning-quick cloud migration. They took a lift-and-shift approach, and had little time to refactor workloads, applications, data and systems for the cloud.

Consequently, they haven’t been able to take advantage of the native capabilities of the public cloud that would have driven operational and cost efficiencies. Auto-scaling, security and storage management functionality has been largely inefficient for many businesses, and they have ended up paying extra for the cloud provider to manage the complexity.

Retrospective refactoring can be time-consuming and costly though, and it may make sense for some of these businesses to repatriate some of their workloads. If certain workloads and data just need to be stored – untouched – for a period of time, repatriation to physical servers may make sense. But if it’s to be processed for business intelligence, it may make sense to keep it in the cloud and repatriate to a private setup to harness the advanced insights and analytics that can support growth-driving initiatives.

It’s also worth noting that, in the intervening years between migration and now, some workloads will have become public-cloud dependent, with specialised and advanced IT services involved. In these cases, repatriation to private cloud or on-premise hardware could prove a costly and complex process, or even impossible.

Businesses will need to pay careful consideration to all these factors when considering whether (and which type of) repatriation makes the best sense for them.

To download your complete copy of 2023 Cloud for Business report and read more articles like this, click here

The post Article of the Week: Why cloud repatriation is a 2023 priority appeared first on M247.

In our focus feature, this week’s article of the week from the 2023 Cloud for Business report by Raconteur, as distributed in The Sunday Times, explores Mark Ballard’s article on this hot topic.

Some states have taken such strong measures to impose their sovereign power over the internet that it has created a reckoning among global powers. Brexit threw the UK right into the centre of the argument

The UK’s digital legal regime has been uncertain since it left the European Union, with a reform of the landmark EU privacy law stalled in parliament, and numerous regulatory reviews and proposals underway. Tech firms have called for clarity, and expressed fear that the government will make the UK into such a maverick regime that they will be blocked from doing digital business overseas.

The UK took a markedly transatlantic stance in reforms it began last year, and in digital trade negotiations it has been participating in around the world. Europe’s GDPR, widely celebrated as the gold standard in privacy, has already influenced legal reforms across the globe, from Brazil to India, Rwanda to South Korea. Some US states are even taking cues from European standards.  Commentators say this was the aim of Europe’s digital agenda: to assert its digital sovereignty by drafting laws to protect individual human rights in cyberspace and to project them around the world.  For the UK meanwhile, Brexit had been its own act of digital sovereignty, says Sarah Pearce, a partner in global privacy and security law with Hunton Andrews Kurth. By separating data law from the EU, the UK has taken active ownership of it.

UK tech firms have been both worried and encouraged by the draft bill that followed that separation: the Data Protection and Digital Information Bill. Phil Bindley, director of cloud computing at UK-based Intercity, says his business has been left guessing about how the proposals will affect it.  The draft bill promises a “bold”, extra-EU data regime that will be “pro-growth” and designed to make it easier for companies to innovate with the use of data.

Nevertheless, says Bindley: “The regulatory uncertainty is a sword of Damocles hanging over our heads. It’s very difficult to make strategic decisions.” Bindley says GDPR brought the realisation to many businesses that the data they hold isn’t theirs. “You are the custodian of it. GDPR was a great step forward,” he says.

Regulatory uncertainty had since suppressed UK innovation and growth, Chi Onwurah, the Labour Party’s shadow minister for science, research and innovation, told a conference of software engineers in February.  The Conservative government’s tech policy lacked ambition and was “wholly inadequate”, she said, because it treated regulation as a barrier to innovation and growth. She went on to explain that regulation actually created growth, because it gave people trust in technology, which brought tech firms more users. And more users brought more investors. Yet Matt Peake, policy director for Onfido, a global UK artificial intelligence software firm, points out the dangers of overly stringent regulation.

“GDPR can act as a break on innovation and a chill on investment. There are a lot of hoops and hurdles to go through to generate new products,” he comments. For all its good points, “it can be over-restrictive, highly burdensome, quite costly to comply with and goes beyond what it needs to protect user data,” he says.

Onfido had been trying to use its customer data in innovative ways, but repeatedly found that EU rules make it “really, really difficult”. It had tried to build new services for its customers in financial services and found they were afraid to use them for fear of being prosecuted.  But Peake also worries that the UK will diverge so far from GDPR that it will lose its adequacy in EU law. A formal EU adequacy decision in 2021 granted EU and UK firms permission to share data because post-Brexit Britain had not diverged from the data statute it inherited from the EU, but this decision could be reassessed.

“We need to process data all over the world with minimal restrictions. The risk is we take a data sovereign approach and it becomes harder,” says Peake. He fears a global fragmentation of data flows.

Eve Maler, chief technology officer of identity software firm ForgeRock, believes the world is entering an Era of heavy regulation of AI and data and is also concerned about the impact. “It can be an overwhelming burden,” she says. “I’m concerned with crushing innovation.” She thinks the government should leave the market to innovate choice for users, and keep regulation to defining broad principles of behaviour, which should be stated in the negative.

In an October 2022 edition of the Maastricht Diplomat podcast, Margrethe Vestager, the European commissioner responsible for data, AI and social media, stressed that choice is an aim of the “digital agenda” by which the EU has been extending its digital sovereignty.

The energy and commodity shortages that have followed Russia’s invasion of Ukraine have exposed clear vulnerabilities in the EU’s dependence on Russian fossil fuel and Ukrainian minerals. The EU’s sovereignty push, which strove beyond data privacy to build indigenous cloud and chip industries that could rival those of US and Chinese firms, likewise strove to reduce the EU’s dependence on sole foreign suppliers.  But Europe’s digital sovereignty project has drawn comparisons to authoritarian regimes such as China and Russia. It has also attracted criticism from the White House, which lobbied against elements of the EU’s proposals.

Europe insists that it seeks not separation but a competitive market that brings choice of technologies. Western countries, citing fear of foreign interference, have meanwhile stopped Chinese tech firms from dominating communications infrastructure within their borders, and blocked Russian misinformation in digital media.  Choice aside, Suki Dhuphar, head of EMEA at software firm Tamr, believes innovations in EU government data processing are held five to 10 years behind China and the US by heavy regulation. “Rightly or wrongly”, China’s advanced handling of data, such as issuing automatic fines to jaywalkers, set an example. UK reforms would ease rules on police data processing, but such innovations are being challenged in EU courts.

Widespread mistrust of the internet was apparent in conversations that Joe Baguley, EU chief technology officer of cloud software firm VMware, has had with government officials around the world, and with executives from all sectors of industry.  Government officials have increasingly asked Baguley for his advice on building sovereign cloud-computing systems within the borders. Their motivation is to ensure that the most sensitive data isn’t stored in some other country where foreign governments might interfere with it.

The UK made combating such fears one of the main thrusts of its post-Brexit digital policy. Declaring mistrust a risk to global trade that could be resolved only by the recognition of common data-privacy rules in international forums, it pursued agreement on “global trusted data flows” in the OECD and G7 clubs of democratic nations.

In December, it struck a trade agreement with Japan, which had been striving for a common global data adequacy. This issue was also on the agenda of talks which the UK and US opened in January.  Trust was in the spotlight again – after the US wrote into an adequacy agreement with the EU a capitulation to various long-standing demands for checks on US interference in cyberspace.  Their agreement sought to heal mistrust that stemmed from the infamous Snowden revelations that the US, hunting for terrorists, had tapped the world’s internet traffic in ways that federal law forbade it from doing to its own citizens. The US relinquished some of this sovereign power it had assumed over the global internet.

The OECD, where the UK took its effort to establish a “pro-growth and trusted data regime”, turned the US intelligence reforms into a pledge by which other countries said they would pursue the same course. The Covid outbreak exposed how severe public distrust was in the internet when it emerged that people in minority, vulnerable and disadvantaged communities withheld data from health authorities for fear it would be used against them by other agencies with nefarious intent.

In reality, the laws underpinning the EU’s digital agenda were never about sovereignty. They were only an attempt to restore people’s trust in cyberspace, so that digital trade and firms could thrive. This point was made by Werner Stengg, one of the architects of the  EU laws in Vestager’s office, in a webinar by The Atlantic Council, a US think-tank, in November.  Software firms celebrated UK proposals to pare back the EU rules, which would allow personal data troves to be used for research and development, and soften permission requirements around data use.

The UK data regulator made the first step, for the sake of innovation and growth, by allowing firms to decide when, where and how it was safe to trade data with foreign regimes based on a mere risk assessment, instead of detailed and onerous comparisons required by the EU.

M247 thoughts: 

In a globalised world, where masses of digital data are generated every second of every day, the waters of data sovereignty are muddy to say the least. In many ways, the issue for businesses is less about drawing lines of geographical ownership around intangible data, and more about simply protecting that data, wherever it is being held.

Firms in certain sectors will necessarily focus on the economics of data protection legislation because, for them, data is currency; something to be monetised for innovation and growth. But for most businesses, data sovereignty is about looking after the customers who keep them running.  Businesses rely increasingly on cloud solutions and internet-based applications, and this means data is being stored and processed in more ways and places than ever before. And with the UK’s regulatory future beyond 2025 still looking unclear, it’s important for businesses to do their own due diligence when it comes to protecting themselves, as well as their customers and partners.

It’s important for businesses to know where their data resides, what’s in the cloud provider’s small print, and who is responsible for the security of that data. Because even if data is sat on a server in the UK, the company managing the service could well be based elsewhere in the world and governed by different laws. Amazon Web Services, for example, has UK data centres, but it is an American company with a global support staff and system administrators. Both companies are responsible for securing the data, but which would be held legally responsible if it was stolen?  In the event of a breach of UK consumers’ data, the Information Commissioner’s Office will be unforgiving of businesses who haven’t done their due diligence and implemented every protection possible.

More than that, consumer expectations around data are such that, if they can’t be assured their personal information is in safe hands, they will take their business elsewhere. GDPR went a long way in solidifying the idea that data belongs to the subject, not the business it is being entrusted to. Following Brexit, UK legislators now face the unenviable task of wrangling data laws into some semblance of submission while balancing the needs of businesses and the expectations of consumers.

Arguably, any resulting legislation needs to be thought of as the end point for businesses, rather than a place to begin. Responsible, forward-thinking businesses will already be thinking of customer data as a privilege to hold and an asset to be protected. But the sheer volumes of data being generated can be overwhelming, and businesses may want to considering partnering with a trusted third-party provider who can take care of data management, storage, security, backup and yes, compliance, for them.

To download your complete copy of 2023 Cloud for Business report and read more articles like this, click here

The post Article of the Week: What digital sovereignty means to the UK appeared first on M247.

But what does this mean in the context of restricted budgets and reduced resource?  This week our focus article from the 2023 Cloud for Business report, as distributed by Raconteur in The Sunday Times, looks at the topic of cybersecurity and how businesses are responding to heightened cyber risk.

Given limited time and constrained budgets, businesses are finding the most effective solution to today’s increasing IT security demands is to bring in managed best-of-breed setups, backed by risk transfer services.

As mid-market businesses advance their cloud computing, digital transformation, and hybrid work models, significant cybersecurity challenges are emerging. For IT departments, the most pressing demand will be to manage and operate an unprecedented array of disparate connected devices, enabling users to access applications and data from branches, stores and field locations and home-working environments. They must also ensure there is a consistent quality of experience, without compromising security.

The problem for these technology teams is they often lack the resources of IT departments in larger corporations. They also face a confusing, extensive array of options when trying to make purchase and deployment decisions. Some respond to this issue by investing in services from a single vendor. This strategy may seem appealing from a management standpoint, but it typically involves using one-size-fits-all systems with limited effectiveness. Others attempt to combine multiple advanced technologies, and become submerged in the expense and intricacy of operating them.

Moving towards insurable setups

“Traditionally, many businesses have been advised by experts to put in a single vendor solution, with the aim being to reduce the integration burden and simplify control,” explains Gareth Davies, Executive Vice-President, managed services at Fulcrum IT Partners. “But this can be very misguided, as the vendor providing them with a firewall is not necessarily proficient at endpoint protection, for example. Moving to a single vendor also involves a significant operational transition that is costly and resource heavy.”

Some businesses are instead adopting the best-of-breed approach, choosing the most effective security and business continuity services in each area to achieve the strongest possible protection. However, these systems must be both fully integrated and independently managed on an ongoing basis to keep up with new security threats.

“For many companies, this is far too complicated and costly a challenge, and they will always lag behind the threats that are out there,” Davies says. With cybercrime and data breaches becoming increasingly commonplace, companies also need to consider their options for risk transfer. It is essential they put in place cyber insurance to cover financial losses associated with a cyberattack, such as legal expenses, data restoration costs and reputational damage. However, buying cyber insurance can be a challenge in itself. As a relatively new type of cover, there are many uncertainties and complexities associated with it. Cyber risks are constantly evolving, which makes it difficult for insurers to accurately assess the potential risks and develop adequate policies. As a result, it can be difficult to find an insurer willing to take on the risks associated with a particular business, and many insurers have either backed out of the market entirely or substantially reduced their cover.

“Insurers often rely on simple questionnaires that fail to establish satisfactory insights, leading them to decide they cannot quantify the risks with enough clarity,” Davies explains. “For companies, demonstrating robust cybersecurity practices is so difficult that many insurers will simply refuse to provide policies. When insurers do consider approving a client for cyber coverage, it’s often not at the price point or offering the level of cover that the customer requires.”

The rise of managed services

These dynamics have prompted the rise of more effective forms of managed security, which are capable of addressing the concerns of both mid-market businesses and the insurers seeking to financially protect them. These managed security providers have several core focus areas: implementing best-of-breed security from across different vendors, integrating those services, administering them, providing insights and protecting customers both operationally and financially.

Businesses are increasingly working with managed service providers to ensure they have this level of defence and financial protection. “It’s incredibly challenging for businesses in the mid-market to ensure they have the right levels of protection in place, and to be sure they can recover systems quickly in the event of a breach. We work with our customers to assess their setup, advise on security choices, implement the relevant systems, and then manage the technology on an ongoing basis,” Davies says. “We invest heavily to ensure our staff are fully up-to-date with the latest innovations in cybersecurity and emerging threats, so we can better protect businesses.”

Secure SD-WAN in practice

One of the first steps is to implement a managed, secure SD-WAN layer. By adding this virtualised layer to their wide area networks, businesses become more agile and can unlock cost savings in their connectivity, all while increasing security and observability.

“We offer businesses a secure SD-WAN solution called Titanium, which converges high-performance SD-WAN and virtual, next-generation firewall-security capabilities into a single managed service. This removes the complexity of managing multiple network and security point products, while delivering a secure, optimised network experience across users, devices and applications. And for many companies, this can also unlock the opportunity for some cyber risk transfer and warranty, providing additional protection and peace of mind,” Davies explains.

Companies often operate highly distributed environments, spanning multiple industries and geographies. Migration to a managed, secure SD-WAN solution enables the introduction of effective multi-layered security, reduced costs and improved application effectiveness and control. For mid-market businesses, although there is no silver bullet to protect against the ever-growing array of cybersecurity threats, there are some highly innovative response services available. With new approaches to layering security with SD-WAN technology, backed by strong access to relevant cyber insurance, companies can protect their business operations and data from an evolving threat landscape. And they can do it in a way that is both simple and affordable.

M247 thoughts: 

There’s no doubt businesses across all sectors are feeling the pinch at the moment. It’s been a difficult few years for most, with the impact of Covid-19, Brexit, market uncertainty and the cost of living crisis converging to paint a pretty bleak picture for budgets. Then factor in an increased cyber threat and an unprecedented IT talent shortage, it’s no wonder so many mid-sized businesses are looking to managed service providers to help them get more security bang for their IT buck.

The impact of the talent shortage isn’t simply about resources, of course. Although businesses taking care of their own cybersecurity do need the manpower to deploy and maintain functions, they also need the time to invest in keeping abreast of the latest threats, attack vectors and preventative tools. This would arguably be more than a full-time job for even a decent-sized IT team. Businesses are increasingly aware of this, and are turning to managed solutions from trusted providers who have not only the time, talent and resources to commit to the task, but access to better rates on the best tech. And when businesses leverage multiple solutions from multiple vendors, each with a different specialist product, these benefits are multiplied to arm businesses with the most robust, most cost-effective cyber protection.

Gareth Davies is right in suggesting SD-WAN will form the strongest possible foundation for multi-vendor cybersecurity. Over the next few years many businesses are likely to be making the decision about whether or not SD-WAN is the right choice for them, and it’s likely to become a key security differentiator for those that opt for deployment. SD-WAN is a primary enabler of secure access service edge (SASE) solutions like ZTNA, secure web gateway and next-gen firewalls, among others, and these will be crucial for protecting businesses as attack surfaces grow and cybercriminals become increasingly sophisticated.

It’s worth also bearing in mind that, with insurers looking increasingly reticent about cybersecurity policies, the strictest security measures will increase the chances of getting cover. Many insurers have tightened up their underwriting guidelines and are asking more questions of the businesses applying for cyber liability insurance. Those businesses leveraging the best solutions from multiple trusted providers will be the ones that are able to mitigate even more of the financial risks associated with cyberattacks, putting themselves in the best possible position to safeguard their assets and reclaim any losses.

To download your complete copy of 2023 Cloud for Business report and read more articles like this, click here

The post Article of the Week: Why businesses are moving to managed multi-vendor cybersecurity appeared first on M247.

A change of topic this week, as we shift our focus to cybercrime. In the recent Cloud for Business report by Raconteur, as distributed in The Sunday Times, Laurie Clark asked whether CIOs needed to rethink their security amid a vast increase in attack surface.

The explosion in the number of remote workers using virtual private networks since 2020 has vastly increased the attack surface for cybercriminals. This is prompting a security rethink among CIOs.

At the end of last year, network security giant Fortinet warned clients that zero-day vulnerabilities in its virtual private networks had been exploited by hackers in a way that could grant them control of vulnerable VPN servers. It said that this sophisticated attack seemed to be the work of a state-level group seeking to target other national governments.  There was fevered bartering on the dark web for the hackers’ successful code. Other criminals used the exploit script in their attempts to infect a global investment firm and a Canadian college with ransomware.

Many firms used VPN technology at the start of the pandemic to share their data. The Covid crisis brought with it a steep rise in cybercrime in 2020, partly because the widespread move to remote working that started during the first lockdowns created so many more potential weak spots for criminals to probe. The kind of attack that affected Fortinet – the targeting of VPN vulnerabilities – has become far more common than it was before the pandemic. The VPN’s status as a secure solution has therefore declined significantly in the past couple of years. In the US, for instance, the FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency have all warned businesses about the weaknesses of VPNs.

For the millions of companies that have adopted a hybrid working model over the same period, the need to give staff secure remote online access has outlived the lockdown era. With these security concerns in mind, firms are focused on exploring alternative approaches. Some industry insiders believe that VPNs are still workable in concert with other measures, while others favour a shift to an entirely new set of security protocols. J D Sherry, a partner in the consultancy practice at cybersecurity firm Istari, is in the first camp. “While VPNs can be effective tools for ensuring data security, companies can become overly reliant on them,” he argues, adding that their use can create a false sense of security, even though their defences can easily be bypassed if users don’t practise basic cybersecurity hygiene. “A VPN can encrypt data and protect against certain types of attack, but it isn’t a silver-bullet solution,” Sherry says.

Phil Robinson, principal consultant at cybersecurity consultancy Prism Infosec, is more cautious about the security offered by VPN servers and attached devices. These are susceptible to software vulnerabilities, including serious flaws that would allow attackers to gain access and even full control, he contends. Robinson points out that other big commercial VPN vendors, including Cisco and Juniper, have been found to have coding frailties or weak protocols for authentication or encryption.

In the recent Fortinet case, an authentication bypass vulnerability enabled unauthenticated users to access devices on the network. Such incidents have prompted many experts in the field to declare the imminent demise of VPNs. But Robinson – despite his criticisms of the technology – isn’t one of them. “Contrary to popular opinion, the VPN is not dead – yet,” he says. Indeed, companies may not need to discard VPNs at all. There are several ways in which a firm can make them more secure.

Number one is choosing a reputable provider that works to strong encryption standards. Moreover, two straightforward practices that will hugely improve security are using two-factor authentication and updating software regularly to obtain the latest patches. Paul Bischoff, editor and consumer privacy advocate at Comparitech.com, says of two-factor authentication: “Requiring a one-time PIN or passcode when logging into the VPN will prevent many attacks that would otherwise result from credential theft. Two-factor authentication may be an inconvenience for employees, but it is worth it.”

As for ensuring that the software is updated regularly, Bischoff points out that nearly every vulnerability, once discovered by the vendor, will be eliminated in the very next update. This means that “only businesses that refuse or ignore security updates” would remain at a high risk of getting hacked. Any company that’s slow to upgrade its VPN software for whatever reason is making itself a tempting target for ransomware gangs and other threat actors. This is why the US National Security Agency issued a cybersecurity advisory notice in October 2019 that strongly urged firms to pay attention to updates issued by their VPN providers and install the patches as soon as they became available.

Another straightforward safeguard that employers should implement is a so-called least privilege regime, meaning that a particular user has access only to networks and services that are crucial to their work. Such features are likely to be built into cloud-based VPNs. Some experts believe that the main weakness associated with VPNs is human rather than technological, with criminals using social engineering methods such as phishing to steal users’ credentials. This, they argue, means that providing cyber-security awareness training for all staff is one of the most effective ways for an employer to protect itself.

In his role as a director and solicitor-advocate at law firm Freeths, Will Richmond-Coggan specialises in group litigation arising from cybersecurity breaches. He contends that “something like a VPN – if properly understood and configured – can be an important part of a business’s armour. But it should be part of a wider jigsaw of protections that are assembled with a good understanding of the business, how it operates and the risks it faces.” But fast-developing trends in network tech and the emergence of new tools mean that the situation is changing, according to Robinson. “Realistically, the ‘deperimeterisation’ of the network and the demand for remote access mean that the days of the VPN are numbered,” he says.

The replacement for VPN is generally agreed to be the ‘zero-trust’ approach, which is more of a concept covering the interaction of products across identity verification, access management and network segmentation. The approach takes as a starting point the notion that no device or user seeking access to a network is to be trusted. With a VPN, on the other hand, once a user is authenticated, they can typically access the entire network. Traditional products won’t raise an alarm if that person logs in from a different location or in any way act suspiciously.

Instead, zero trust relies on a series of ID and access management tools, such as multi-factor authentication and device profiling, to grant access on a case-by-case basis. The concept has caught on: 80% of IT and security professionals responding to a 2022 survey by Cloud Security Alliance said that adopting zero-trust systems was a high priority for them.

But the move from VPNs to zero trust is likely to take years. Businesses tend to rely on legacy systems that are designed to work with VPNs, which means that many of them will probably need to be replaced too. “The network needs to be micro-segmented to limit access, which can be both complex and costly to achieve,” says Robinson who adds that zero trust is “very much a strategy with no one-size-fits-all solution. Projects are bespoke and will require a range of solutions.”

What, then, is the first big hurdle for IT chiefs to clear on the way towards a zero trust regime? Robinson suggests that persuading the rest of the C-suite – who may believe that the VPN is working just fine as it is – of the need for change could be quite the challenge. “Until they can convince those at board level that zero trust isn’t a passing fad but is essential in securing a distributed enterprise”, he says, “many zero-trust projects will struggle to get off the ground.”

M247 thoughts: 

As a long-standing proponent of business network security, M247 champions multi-factor authentication, cybersecurity training, least-privilege access and robust firewall policies as bare-minimum requirements for VPN protection. As long as these cybersecurity measures are being implemented, and tools are being patched with the latest updates, VPN can still offer a good networking solution for businesses with remote and hybrid workers.

For many business, however, the increasing complexity of the network, with the addition of IoT devices, BYOD policies, home working and increasing use of cloud technologies, means VPNs may be falling short in terms not only of security, but capabilities. For these businesses, where the network perimeter has been all but blown wide open, it’s simply no longer feasible for CIOs to maintain crystal-clear oversight of the attack surface. A flexible and robust zero-trust architecture can help secure the new ‘perimeter-less’ network, and makes good operational sense.

Getting buy-in at board level for the large-scale infrastructure changes necessary to facilitate this won’t be easy – but the potential cost of a successful cyber or ransomware attack cannot be dismissed out of hand. Businesses still using VPNs to connect remote teams with networks will need to ask themselves if the trade-off is worth it, or whether a financial outlay in the short term is worth the increased protection and a future-proofed network in the longer term.

To download your complete copy of 2023 Cloud for Business report and read more articles like this, click here

The post Article of the Week: Are VPNs becoming a liability? appeared first on M247.