NCLATEST

NETWORKcomputing

I N F O R M A T I O N A N D C O M M U N I C A T I O N S – N E T W O R K E D

MISSION-CRITICAL RESILIENCE

A behind-the-scenes perspective on building

a national network for ambulance services

AUTONOMOUS

NETWORKS

How to make mathematical

accuracy count

THE FUTURE OF WORK

Building the modern

workspace

FROM IPV4 TO IPV6

Bridging the monitoring gap

MAY/JUNE 2026 VOL 35 NO 02

WWW.NETWORKCOMPUTINGAWARDS.CO.UK

Thank you to everyone who attended the Network Computing Awards ceremony!

The Network Computing Awards of 2026 are sponsored by:

COMMENT

COMMENT

TAKING HOME THE TROPHIES FOR 2026

This issue comes to you hot on the heels of the 20th annual Network Computing

Awards, which took place on 21 May at an evening awards ceremony in London's

Bloomsbury, so we just have time to include news of some of this year's winners

here ahead of a full round-up in a future issue of the magazine and the Network

Computing newsletter. You'll find a full list of winners and runners-up on the Network

Computing Awards website.

Our 2026 winners include BlueCat Networks, who triumphed in four categories with

Integrity X, including the coveted Product of the Year Award. "Integrity X could be a

game changer for enterprises managing complex on-premises and cloud network infrastructures,"

according to David Mitchell in his review earlier this year, and that certainly

proved to be the case on the night.

Our other winners include WatchGuard Technologies, who won the Network Security

Product of the Year category for the Firebox M Series, and Zyxel Networks, who won

the Network Management Product of the Year award for Nebula. The Hardware

Product of the Year award went to NetAlly for the LinkRunner AT 1500, and Northdoor

took home the trophy for the IT Services Company of the Year, while Arqit won New

Product of the Year for their SKA Edge Controller (they also won our music quiz but

that comes with bragging rights and a bottle of champagne rather than a trophy!).

REVIEWS:

Dave Mitchell

DEPUTY EDITOR: Mark Lyward

(netcomputing@btc.co.uk)

PRODUCTION: Abby Penn

(abby.penn@btc.co.uk)

DESIGN: Ian Collis

(ian.collis@btc.co.uk

SALES:

David Bonner

(david.bonner@btc.co.uk)

SUBSCRIPTIONS: Christina Willis

(christina.willis@btc.co.uk)

PUBLISHER: John Jageurs

(john.jageurs@btc.co.uk)

Published by Barrow & Thompkins

Connexion Ltd (BTC)

Suite 2, 157 Station Road East,

Oxted,

RH8 0QE

Tel: 01883 380054 or 07747 147600

SUBSCRIPTIONS:

UK: £35/year, £60/two years, £80/three

years;

Europe: £48/year, £85/two years £127/three

years;

ROW:

£62/year, £115/two years, £168/three years

© 2026 Barrow & Thompkins Connexion Ltd.

All rights reserved. No part of the magazine

may be reproduced without prior consent,

in writing, from the publisher.

The Customer Service award was won by Sudlows, and there was plenty of cause for

celebration for ExaGrid too, as they retained the Company of the Year trophy once

again while also winning in four other categories, including Data Protection Product of

the Year and Bench Tested Product of the Year, for their Tiered Backup Storage,

reviewed in full in this issue of the magazine.

Congratulations once again to all of our 2026 winners and runners-up from all of us

here at Network Computing, and a big thank you to everyone who took the time to

nominate and vote online. NC

GET FUTURE COPIES FREE

BY REGISTERING ONLINE AT

WWW.NETWORKCOMPUTING.CO.UK/REGISTER

WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards

MAY/JUNE 2026 NETWORKcomputing 03

MAY/JUNE 2026 VOL 35 NO 02

CONTENTS

CONTENTS

M A Y / J U N E 2 0 2 6

NETWORKcomputing


MISSION-CRITICAL RESILIENCE

AUTONOMOUS

NETWORKS

THE FUTURE OF WORK

FROM IPV4 TO IPV6

A RESILIENT RESPONSE.........14

Richard Lycett at Ambulance Radio

Programme gives us a behind-the-scenes

perspective on the process of building a

national network for ambulance services

BUILDING THE MODERN

WORKSPACE.........................22

Peter McLeavery at Cybit looks at how

hybrid models, AI-driven workflows and

human-centric technology will redefine the

future of work

AUTONOMOUS

NETWORKING.....................12

IT teams need a mathematically accurate

understanding of network behaviour for

trustworthy autonomous networking, according

to Peyman Kazemian at Forward Networks

FROM IPV4 TO IPV6................16

IPV6 is growing and will be the new

mainstream internet protocol in the next

wave of internet communications. Martin

Hodgson at Paessler GmbH explains why

AUTOMATION AND MODERN

NETWORK SECURITY..............26

Automation has evolved from a useful

efficiency tool into the operational backbone

of modern network security, as Kyle Wicker at

Algosec explains

COMMENT.....................................3

Taking home the trophies for 2026

INDUSTRY NEWS.............................6

The latest networking news

ARTICLES

THE OBSERVABILITY ILLUSION IN

MODERN I.T....................................18

By Cullen Childress at SolarWinds

THE GREAT CLOUD

REPATRIATION.................................20

By Mark Lewis at Pulsant

A LASTING LEGACY?.......................24

By Wayne Kiphart at CloudFirst Global

THE CYBER RISK OF SOC ALERT

FATIGUE..........................................28

By Brett Candon at Dropzone AI

THE FUTURE FOR HIGH PERFORMANCE

COMPUTING AND AI........................30

By Dairsie Latimer at Red Oak Consulting

BRIDGING THE CYBER

CONFIDENCE GAP..........................32

By Sean Tilley at 11:11 Systems

SPOTTING THE RESILIENCE GAP IN

THE CLOUD.....................................34

By Mark Appleton at ALSO Group

REVIEW

EXAGRID TIERED BACKUP

STORAGE......................................10

04 NETWORKcomputing MAY/JUNE 2026 @NCMagAndAwards

WWW.NETWORKCOMPUTING.CO.UK

NETWORKcomputing


Product Review Service

VENDORS – HAS YOUR SOLUTION BEEN REVIEWED

BY NETWORK COMPUTING YET ?

The NETWORK computing review service has been praised by

vendors and readers alike. Each solution is tested by an

independent expert whose findings are published in the

magazine along with a photo or screenshot. Hardware,

software and services can all be reviewed.

Many vendors organise a review to coincide with a new launch.

However, please don’t feel that the service is reserved exclusively

for new solutions.

A review can also be a good way of introducing an established

solution to a new audience. Are the readers of NETWORK computing

as familiar with your solution(s) as you would like them to be?

Contact Dave Bonner on 01883 380054 or 07747 147600

or email dave.bonner@btc.co.uk to make it happen.

INDUSTRY NEWS

NEWSNEWS

NEWS NEWS

NEWS NEWS NEWS NEWS

NEWS NEWS

Will automation reshape IT operations?

New data from SolarWinds has revealed that automation is set

to play a major role in the future of IT operations, but many

teams remain cautious about how the shift will play out in practice.

In a survey of 1,040 global IT professionals, more than a third

(35%) say their IT operations will be primarily or almost entirely

automated within the next two to three years. This highlights how

quickly organisations are moving towards more automated

environments and AI assisted workflows.

However, the transition is not without its challenges. Nearly half

(46%) of IT professionals said they are concerned about the quality

or accuracy of AI, while almost a third (29%) worry about

disruption to their role. At the same time, AI is already adding

pressure, with the majority of IT workers across all roles saying it

has made their job more demanding. Data privacy and security

concerns remain the biggest barrier (43%), followed by platform

fragmentation (28%) and a lack of clear human guardrails (17%).

To adapt to this shift, IT teams are calling for more structure and

support. Over half (56%) say clearer AI policies and guardrails

would help, while 50% point to the need for formal training. The

findings suggest that while automation is moving quickly, many

organisations are still working out how to implement it in a way

that supports their teams rather than stretching them further.

"Across industries, AI adoption has been uneven. There's a clear

push to secure growth with innovation, and AI is being

positioned as the accelerator," said Cullen Childress, Chief

Product Officer at SolarWinds. "But speed alone can create

more friction than progress and many IT teams are being

stretched between innovation and accountability. Success will

come from organisations that treat AI as an operational

discipline built on visibility, control, and shared ownership - not

just a fast-moving experiment."

Hornetsecurity helps SMEs work smarter, not harder

Hornetsecurity by Proofpoint has launched a new playbook that

provides Managed Service Providers with clear, actionable

strategies to scale their organisations while helping small to midsized

businesses navigate new and emerging challenges from AI

adoption. The MSP Playbook for Working Smarter, Not Harder has

been created in response to the growing cybersecurity needs of

SMBs, from evolving cybercrime threats to increasing compliance

demands. It is designed to arm MSPs with the tools and insights

needed to handle all daily functions at pace while scaling their

business in the era of AI.

Topics like AI, vendor consolidation, effective onboarding, and

ongoing customer management are all difficult to handle

effectively, especially at scale, and the information laid out in the

playbook can help MSPs get their processes optimised to address

each one effectively.

Daniel Hofmann, CEO of Hornetsecurity by Proofpoint, said:

"MSPs are crucial partners to businesses that need secure, reliable

and efficient technology support. The need for clearer guidance,

stronger protection, and better ways of working – such as

automation – have become key factors for MSP success, turning

operational efficiency into better outcomes for their customers and

long-term success for businesses. MSPs are a critical part of the

cybersecurity ecosystem and these practices are structured to be an

essential part of their toolkit." You can download the playbook here.

Madrid data centre gets cool makeover from Vertiv

Vertiv has completed the successful modernisation of the cooling

infrastructure at Acciona's corporate headquarters data centre in

Madrid. Acciona shared that the project delivered about 70%

reduction in cooling-related energy consumption, and projected a

return on investment in approximately three years, while maintaining

full operational continuity. Following a proactive assessment

conducted by Vertiv's service team, opportunities were identified to

further enhance the performance of cooling units that had been

operating reliably for over a decade.

The goal was to increase energy efficiency and available capacity

without disrupting operations or compromising availability. Rather than

replacing existing assets, the initiative demonstrates how rethinking the

performance of installed infrastructure through a lifecycle and growthoriented

design approach can unlock significant efficiency gains and

future capacity. The solution focused on upgrading from fixed-speed

AC fans to high-efficiency, variable-speed EC (Electronically

Commutated) fans, integrated with Vertiv Liebert® iCOM controls

for real-time optimisation of unit components and setpoints.



INDUSTRY NEWS

Unlike conventional cooling units operating at constant speed,

the upgraded system dynamically adjusts airflow based on actual

demand, to enhance system responsiveness and contribute to an

extended infrastructure life cycle.Before full implementation,

Vertiv and Acciona validated the solution through a pilot

upgrade on two cooling units, confirming projected energy

savings and system improvements.

The full modernisation was executed during regular working

operations by leveraging the existing N+1 redundancy to enable

continuous operations with no downtime. In addition to energy

efficiency gains, the optimisation also freed up cooling capacity

and available power within the data centre, creating headroom for

future IT expansion without requiring major capital investments.

Forward thinking for network Digital Twins

Forward (formerly Forward Networks) has announced Forward

Predict, described as a first-of-its-kind capability that shows the

full impact of network changes before they are made. By running

every proposed change against a mathematically accurate digital

twin of the entire production network, Forward Predict ensures that

costly errors never reach production, giving organisations the

confidence to move faster, operate safely at any scale, and lay the

foundation for autonomous networking.

Forward Predict is powered by Forward's Network Digital Twin, a

complete, accurate model of behavior, including the state of every

device from every vendor, from the network layer to the application

layer. This model understands all possible ways the network can

handle packets, identifies where policies are in conflict, and

answers questions with mathematical certainty.

With Forward Predict, these same capabilities extend to future states

of the network. Proposed changes are validated against a production

equivalent network digital twin spanning every vendor and every

cloud. Risks are discovered and resolved before anything touches the

live network. The platform verifies the impact of a change through

testing and delivers deterministic evidence of the outcome.

June compliance deadline looms for UK SMEs

The UK is approaching a critical compliance milestone as new data

protection requirements come into force later this year. From June

19th 2026, all businesses, regardless of size, must have a formal

internal process in place to manage data protection complaints as part

of the Data (Use and Access) Act (DUAA). The DUAA introduces a

clear legal obligation for organisations to provide accessible channels

for individuals to raise concerns about how their data is handled.

Businesses must acknowledge complaints within 30 days and

communicate outcomes without undue delay - and there are no

exemptions for SMEs.

At the same time, cyber threats have become more sophisticated

and more scalable. SMEs are increasingly targeted not just for their

own data, but as entry points into larger organisations they work with.

In many cases, attackers view smaller firms as the path of least

resistance within interconnected business ecosystems. Some of these

supply chain attacks have resulted in huge, high-profile, breaches

that have impacted some of the largest and best-known brands in

the UK. The attacks, though originated in much smaller businesses

within their networks.

As a result, SMEs are being pushed towards adopting recognised

frameworks and certifications, such as the UK government-backed

Cyber Essentials scheme, which is now, essentially, a minimum

standard. However, compliance alone is not enough. True resilience

depends on how effectively these controls are implemented, monitored,

and maintained over time. With limited budget and resources in-house

finding the right partner to help protect data and manage processes is

now critical, as AJ Thompson, CCO at Northdoor plc explains:

"Too many SMEs still view cyber security as something they'll address

later, or only after an incident. The reality is that attackers are actively

seeking out smaller organisations precisely because they're often less

protected but still deeply connected to larger enterprises. The June

deadline should act as a catalyst, not just to meet compliance

requirements, but to take a more strategic view of risk. That means

understanding where your critical data sits, how it's protected, and

ensuring you have the right expertise in place to respond quickly and

effectively when something goes wrong. In today"s environment, whilst

prevention is all very well and good, it is having the ability to come

back from a breach that will be the real test."

"Building resilience into your everyday workflows, having the right

controls in place, keeping systems updated, and maintaining visibility

across your estate are the bare essentials in maintaining security.

Looking for the right MSPs to support you through this process is more

critical than ever," Thompson concluded.

NEWS NEWSNEWS

NEWS

NEWS NEWS NEWS NEWS NEWS

NEWS



INDUSTRY REPORT: WI-FI SECURITY

WIRELESS BROADBAND ALLIANCE ISSUES NEW WI-FI SECURITY GUIDELINES

NEW GUIDELINES PROVIDE A FRAMEWORK TO LOWER OPERATIONAL RISK AND SUPPORT

SEAMLESS ROAMING AT SCALE ACROSS PUBLIC, ENTERPRISE AND IOT ENVIRONMENTS

The Wireless Broadband Alliance (WBA),

the global industry body dedicated to

driving the seamless and interoperable

service experience of Wi-Fi across the global

wireless ecosystem, has released a new

Wi-Fi Security Guidelines report. The guidelines

define a new industry framework designed to

strengthen security, privacy and trust across Wi-

Fi networks, including public, enterprise, IoT

and roaming environments.

Today, Wi-Fi underpins critical digital services

for consumers, businesses and connected

devices, yet inconsistent or fragmented security

practices can expose users and operators to

risks ranging from rogue access points and

credential theft, to privacy breaches and

signaling attacks. The new guidelines will help

organisations reduce exposure to common Wi-

Fi threats, improve user trust, and simplify

interoperability across networks and partners.

For operators and enterprises, this results in

more predictable security outcomes and

greater confidence when deploying or scaling

Wi-Fi services.

The guidelines address the growing need for

carrier-grade security that aligns with user

expectations. Built on widely deployed

technologies including OpenRoaming and

Passpoint®, the report sets out a clear,

standards-based framework for securing Wi-Fi

end-to-end, from device authentication

through to physical and backhaul security,

Layer-2 protection, RadSec adoption,

federation governance and readiness for postquantum

cryptography.

INTEROPERABLE CONNECTIVITY

COMPARABLE TO CELLULAR

NETWORKS

Implemented together, interoperable measures

across authentication, encryption, identity

privacy, credential handling, infrastructure,

control-plane signaling and federation

governance, enable Wi-Fi to deliver secure,

privacy-preserving and interoperable

connectivity comparable to cellular networks.

The guidelines on securing Wi-Fi networks are

designed to:

Prevent connections to rogue and fake networks:

Wi-Fi security starts with trust. The report

mandates mutual authentication using 802.1X

and strong EAP methods, requiring devices to

validate network certificates before sharing

credentials. This ensures users only connect to

legitimate networks and significantly reduces the

risk of evil-twin and rogue AP attacks

Protect data over the air: By enforcing

WPA2/WPA3-Enterprise with AES encryption

and Protected Management Frames (PMF), the

report ensures traffic confidentiality and

integrity. This prevents passive sniffing,

deauthentication attacks, and many man-inthe-middle

techniques, bringing Wi-Fi security

closer to cellular-grade protection

Preserve user identity privacy without breaking

compliance: The report balances privacy and

traceability by using anonymous identities,

encrypted inner identities, pseudonyms, and

Chargeable-User-Identity (CUI). This protects

personally identifiable information during

authentication while still enabling lawful

intercept, billing, and incident handling when

required

Secure credentials end-to-end: Credentials are

protected throughout their lifecycle, from device

to network to backend systems. The report

requires secure OS key stores on devices,

hardened credential storage in identity provider

systems, and tamper-resistant SIM and USIMs

for mobile credentials, reducing the risk of

large-scale credential theft

Harden the entire access network: Security

extends beyond the radio link. The report

provides guidance for physical security of

access points and controllers, encrypted AP-tocontroller

links, secure backhaul design, and

local breakout architectures, ensuring traffic

remains protected across the full network path

Secure AAA and roaming signaling:

Recognising that the control plane is often

overlooked, the report strongly recommends

RADIUS over TLS or DTLS for all AAA and

roaming exchanges. This protects

authentication and accounting traffic from

interception or manipulation, aligning with

OpenRoaming and WRIX requirements

Add Layer-2 protections against lateral attacks:

To limit damage even if a malicious device

connects, the report promotes Layer-2 traffic

inspection, client isolation, proxy ARP, and

multicast and broadcast controls, reducing

client-to-client attacks such as ARP spoofing

and broadcast abuse

Enforce security through federation and

governance: Security is reinforced not only

technically but operationally. Through

OpenRoaming and the WRIX legal framework,

security requirements, responsibilities, and

privacy obligations are consistently enforced

across operators, identity providers, and hubs.

The WBA has also created a Wi-Fi Security

FAQ alongside the new guidelines. It gives

users, enterprises and network operators a

clear and accessible understanding of how

modern Wi-Fi security works and can be seen

at: https://wballiance.com/wi-fi-securitygeneral-audience-faq



WWW.NETWORKCOMPUTINGAWARDS.CO.UK

Attention vendors: Could your solutions impress our Judge?

The BENCH TESTED PRODUCT OF THE YEAR category is for all solutions that have

been independently reviewed for Network Computing. We congratulate ExaGrid,

winners of this award in 2026

To ensure that your solutions are contenders for this Award in 2027 you will need

to book them in for review. Contact dave.bonner@btc.co.uk

The Network Computing Awards of 2026 are sponsored by:

PRODUCT REVIEW

ExaGrid Tiered

Backup Storage

PRODUCT REVIEW

PRODUCT

REVIEWPRODUCT

Enterprises facing rapidly growing

backup demands, shrinking windows of

opportunity and the ever-present threat

of ransomware attacks need to rethink their

data protection strategies. ExaGrid has the

answer as its Tiered Backup Storage systems

deliver an incredibly flexible and high

performing scale-out storage solution with a

unique front-end Landing Zone and the

industry's only AI-Powered Retention Time-

Lock for Ransomware Recovery (RTL) feature,

which identifies anomalies and prevents

threat actors from maliciously deleting or

encrypting backup data.

ExaGrid currently offers eight HDD-based

EX appliances with a range of storage

capacities and has expanded this family with

four all-Flash models, targeting

organisations that demand the fastest

restore times and need to reduce power and

cooling costs. Equipped with high-speed

enterprise NVMe SSD, they offer the same

impressive capabilities as the HDD models

with a scale-out architecture that allows for

a cost-effective, pay-as-you-grow approach

and maintains a fixed-length backup

window as data grows, with up to 32

appliances in a single system that scales to

over 17PB full backups.

Whereas many competing solutions are

based around a single controller unit and

disk expansion shelves, each EX appliance is

a complete compute system with CPUs,

memory, networking and storage, allowing

you to purchase more capacity as demand

increases without impacting performance.

Even better, ExaGrid's offers a 5-year price

protection guarantee and a full useful life

program to eliminate forced product

obsolescence.

Regardless of which appliance models you

choose, you'll get all the benefits of

ExaGrid's smart data deduplication

technology, which is designed to avoid the

backup and restore performance

compromises many other solutions suffer

from. The appliances present a unique diskcache

Landing Zone where data received

from the backup application is written to it in

undeduplicated form, allowing ExaGrid to

claim an industry-leading ingest rate.

Along with the Landing Zone, data is also

written to a long-term Repository Tier during

backup operations where it is deduplicated

and compressed. This dual approach has

big performance benefits as the Landing

Zone accelerates restore operations by up to

20 times as data doesn't require rehydration

and decompression.

Ransomware attacks are a clear and present

danger but ExaGrid has you covered, as

although the Landing Zone is network-facing,

the repository has a tiered air gap between

the Landing Zone and the non-networkfacing

Repository Tier which is only visible to

the ExaGrid software. There's more valuable

security as ExaGrid's AI-Powered Retention

Time-Lock (RTL) provides deep defences

against ransomware attacks.

RTL includes Auto Detect & Guard that uses

AI to learn an organisation's delete patterns,

and if there is a delete request that is

abnormal, will alert IT staff - offering an early

warning of a potential attack - and will

automatically extend the delayed delete

policy indefinitely. The policy delays any

delete requests that come into the Landing

Zone via the user network or backup app to

ensure that the data is available in the

Repository Tier to restore from after an attack.

The requests will be carried out in the

Landing Zone but when a time-lock period is

applied, they have no impact on the

Repository Tier as all deduplicated objects are

immutable and cannot be changed,

modified, or deleted.

Deployment is undemanding as the

appliances are 100% customer installable

and can be implemented in about one hour

with initial backups occurring the same day.

Another key benefit is that ExaGrid offers

certified integration with over 25 of the

leading backup applications, allowing

enterprises to keep their existing backup



PRODUCT REVIEW

infrastructure. ExaGrid supports a wide

variety of backup applications, utilities, and

direct database dumps. In addition, ExaGrid

allows multiple approaches within the same

environment, so if an organisation changes

backup applications in the future, the

ExaGrid system will still work, protecting the

initial investment.

This deep integration with all of the

leading backup software products puts

ExaGrid in a commanding position to

capitalise on the rapid disaggregation in the

backup storage market. Many backup

application vendors are finding the cost

benefits of supplying end-to-end bundles

that include the backend storage aren't

stacking up and have moved to focus purely

on their software subscription models.

Commvault users can retain their software

investment and use ExaGrid to provide the

backend storage. More importantly, they can

continue to enjoy the benefits of

Commvault's deduplication and allow

ExaGrid to further deduplicate backup data

on its target storage with combined reduction

ratios improved to 15:1.

These are compelling numbers as

combining ExaGrid and Commvault into one

backup strategy can reduce its storage

footprint by up to 300%. Extrapolate this

over a number of years and it's clear that

substantial savings can be made.

From the Commvault administrator's

perspective, there is very little they need to

change as ExaGrid CIFS/NFS shares are

declared to Commvault storage policies as

backup destinations. They can leave the

Commvault MediaAgent inline deduplication

and compression both enabled along with its

integral data integrity validation services.

It also makes ExaGrid very appealing for

organisations using Veeam's Data Platform,

as ExaGrid supports an integrated Veeam

Data Mover for ingest performance and

security, Veeam Fast Clone for synthetic full

backups and Scale-Out Backup Repository

(SOBR) for scalability. Even better, ExaGrid

also supports Veeam writing to ExaGrid

Tiered Backup Storage as an S3 object store

target and it brings Veeam's backup for

Microsoft 365 (MS365) solution into play, as

you back up MS365 data directly to

ExaGrid's immutable on-premises storage.

Deploying ExaGrid in a Veeam data

protection strategy is a breeze as

administrators simply direct their backup jobs

to the ExaGrid shared storage repository.

ExaGrid's Landing Zone disk cache receives

data from the backup application directly to

the Landing Zone in an undeduplicated

form, thus ensuring high performance

backups as well as Veeam's advanced

features such as Sure Backup, Data Lab,

Instant VM recovery, copy and replicate.

ExaGrid recently announced integration

with Rubrik and full support for its Archive

Tier. It works seamlessly with Rubrik's

compression and deduplication to achieve

an extra 3x to 10x data reduction on top of

Rubrik's deduplication. Additional storage

reductions plus combined deduplication

ratios of between 6:1 and 20:1 can

significantly lower storage costs when using

Rubrik's Archive Tier with Instant Archive

enabled, and offers equally impressive

savings when compared to using Rubrik's

Archive Tier in the Cloud. ExaGrid has also

announced support of Cohesity in Q2

2026 including both NetBackup and

DataProtect customers.

ExaGrid's latest announcement of shipping

all flash/SSD appliances can reduce rack

space, power consumption and cooling

demands as well as provide the fastest

backup and restore performance in the

industry. The SSD appliances can scale to

more than a 17PB full backup and in

addition, can store long term retention in

their deduplicated repository. ExaGrid further

allows SSD on-premises replication to be

carried out to its HDD appliances located at

disaster recovery sites for the best mix of both

performance and cost.

ExaGrid's EX appliances are a natural

choice for enterprise data backup and

disaster recovery as they deliver an easily

deployed, highly flexible and highperforming

storage solution that

effortlessly scales with rapidly increasing

data volumes and shrinking backup

windows. The new all-Flash models offer

significantly faster backup and recovery

times and ExaGrid's innovative two-tier

storage architecture and new AI-powered

RTL policies ensure you can always recover

from ransomware attacks. NC

Product: ExaGrid Tiered Backup Storage

Supplier: ExaGrid

Web site: www.exagrid.com

Tel: +44 (0) 1189 497 051



OPINION: AUTONOMOUS NETWORKING

AUTONOMOUS NETWORKING STARTS WITH A NETWORK YOU KNOW

VISIBILITY ISN'T ENOUGH;

NETOPS AND SECOPS TEAMS

NEED A MATHEMATICALLY

ACCURATE UNDERSTANDING

OF NETWORK BEHAVIOR FOR

TRUSTWORTHY

AUTONOMOUS NETWORKING

ACCORDING TO PEYMAN

KAZEMIAN, CO-FOUNDER,

FORWARD NETWORKS

Network engineering, operations,

and security teams work tirelessly

to deliver a resilient network that

drives business outcomes, continually

making changes without a clear picture of

how the network behaves. This is a highrisk

endeavor that can lead to outages

and increased security risk.

The enterprise's technical evolution has

outpaced network operations, leading to

this situation. Almost every aspect of the

network has undergone significant

changes in the past two decades, but

operations remain largely unchanged,

relying on manual processes and a

plethora of tools.

The networking "toolbox" has grown over

decades into today's toolchain, improving

visibility but not fundamentally changing

how networks are operated. The state of

the art remains fragmented, with data

spread across siloed systems and no

accurate, unified understanding of

network behavior. Teams see pieces of the

network, not the whole, and still cannot

answer the question that matters most:

Does the network actually behave the way

it was designed to?

Without that insight, there's no safe basis

for planning change windows, manual or

autonomous. Nothing can be tested or

validated before it's put in production.

This is the fundamental risk of operating

the network without a mathematically

accurate model.

Virtually every industry in the world has

established processes to verify outcomes

before deploying changes to production.

This is true in pharmaceuticals, retail, and

even aerospace. Nothing ships without

first being thoroughly vetted in a digital

model. Networking remains a stubborn

exception. It's still common practice to

change the backbone of the business

without certainty of the outcome. The costs



OPINION: AUTONOMOUS NETWORKING

are

no longer

theoretical;

they are significant

and mounting.

OPERATING WITHOUT

MATHEMATICAL ACCURACY

INTRODUCES EXPENSIVE RISK

Research consistently shows the scale of

disruption and its mounting financial toll

on the enterprise. Nearly 40% of

organisations have suffered a major

outage caused by human error in the

past three years, with 85% of those

incidents traced back to process failures

or staff not following procedure (Uptime

Institute, 2025 Annual Outage Analysis).

The financial consequences are

substantial. Unplanned downtime costs

the average enterprise $14,056 per

minute, rising to $23,750 for large

enterprises, totaling nearly half a trillion

dollars in annual losses across Global

2000 companies alone.

Autonomous operations are meant to

solve this, delivering change at a speed

and scale humans cannot match. But

speed becomes a liability when errors

propagate through the network at

machine speed. Because network agents

often have incomplete data and a

limited understanding of the full network,

their seemingly promising solutions,

when implemented, frequently lead to

major disruptions or outages due to a

lack of complete, end-to-end validation.

This level of risk is not acceptable for the

backbone of the business, and the

industry needs to deliver more.

The only way autonomous networking

can succeed at scale and become

mainstream is by ensuring every action

and proposed change is validated

against a production network model

before being pushed live. This is made

possible by a mathematically accurate

digital twin, which serves as the

foundation for safe, reliable

autonomous operations.

WHAT IS A MATHEMATICALLY

ACCURATE DIGITAL TWIN?

A mathematically accurate digital twin is

built on network data models that

represent each device as a

transformation function on a set of

potential packets. These transformations

are algebraic and logical operations

that, when analysed end-to-end, verify

the complete network design against the

required policies and expected behavior,

exhaustively rather than probabilistically.

Unlike monitoring or traffic sampling,

this approach does not rely on observed

traffic. It proves network isolation,

verifies security rule enforcement, and

traces every possible traffic flow across

the network, not just the ones that have

occurred. A mathematical model delivers

a fundamentally different class of insight

than conventional tools can provide.

By collecting a snapshot of

configuration and state from every

device on the network, organisations

can continuously verify behavior

and validate policy compliance.

This model becomes the

guardrail for autonomous

networking, enabling agents

to make trustworthy

decisions rather than informed guesses

based on incomplete data.

TRUSTWORTHY AUTONOMOUS

NETWORKING

When network operations are based on

a mathematically accurate

understanding of the network, engineers

can be assured that they will achieve

specific goals with network changes

without breaking anything else. This

delivers the behavioral truth needed to

drive more trust and adoption of network

automation and operations. Under these

conditions, the network delivers business

outcomes faster, autonomous operations

are trusted, and decisions are made with

mathematical accuracy. NC



OPINION: NETWORK RESILIENCE

A RESILIENT RESPONSE

RICHARD LYCETT, SENIOR TECHNICAL MANAGER AT AMBULANCE RADIO PROGRAMME, GIVES A

BEHIND-THE-SCENES PERSPECTIVE ON THE PROCESS OF BUILDING A NATIONAL NETWORK FOR

AMBULANCE SERVICES

In the world of emergency services, the

term mission critical is hard to escape but

a non-negotiable in how we operate. At

Ambulance Radio Programme (ARP) our

organisation sits within the NHS and exists

to provide the national infrastructure that

underpins ambulance service

communications and mobilisation.

If our systems fail, vehicles cannot be

deployed efficiently. If our

communications falter, crew safety can be

compromised. Quite simply, many lives

depend on the resilience, security and

availability of our technology.

Nearly a decade ago, we recognised that

the networking model we were operating

under was no longer fit for the future.

Government direction required large,

monolithic contracts to be broken down

into smaller, more agile arrangements. At

the same time, we were implementing a

new control room solution alongside a

mobile data vehicle platform, both hosted

within Crown Hosting Data Centres

(CHDC), a joint venture between the

Cabinet Office and Ark dedicated to

serving the public sector. We also needed

to bring together 35 NHS trust sites into

one unified environment.

What quickly became clear was that none

of this could succeed without a highly

resilient, carefully managed national

network. At that point, we did not have a

Network Operations Centre (NOC) in

place. We needed not just the infrastructure,

but a partner capable of building a resilient

network across dual data centres and 35

geographically dispersed ambulance trusts.

That was the beginning of our

engagement with Vysiion, a partner to help

us design, deploy and manage a national

network from the ground up.

CREATING A HIGHLY RESILIENT

FOUNDATION

Today, we operate a highly resilient network

spanning two data centres, both capable of

supporting mission-critical applications for

ambulance services nationwide. The

architecture enables continuous availability

of our core systems, ensuring that

mobilisation and communications services

remain operational 24/7.



OPINION: NETWORK RESILIENCE

This is not simply about connecting sites.

It's about ensuring that applications

communicate seamlessly within and

between data centres, that our 35 NHS

Trust locations can reliably access national

systems, and that everything is monitored,

maintained, patched and protected

against threat.

Resilience has two dimensions: technical

and operational. Technically, the dual data

centre design ensures redundancy.

Operationally, the presence of a dedicated

NOC and evolving managed services

model means that incidents are identified

and responded to quickly. We deliberately

embedded this support capability from

Vysiion before going live with our core

applications, ensuring we had stable

security from day one.

SECURITY AS A CONTINUOUS

DISCIPLINE

For a national ambulance solution, security

is inseparable from resilience. The

introduction of DDoS protection has been

critical in safeguarding our external

communications services. Without that

protection, we would be significantly more

exposed to internet-based threats. But

security is not just about deploying

appliances; it is about responsiveness.

One of the strongest aspects of our

partnership has been the speed at which

vulnerabilities are identified and

addressed. In some cases, we've been

alerted to critical issues before national

notifications reached us. When a serious

vulnerability emerges, it disrupts everything

else. The priority becomes testing,

validating and implementing fixes safely

and methodically.

During the implementation process and

beyond, we test thoroughly. Experience has

taught us that even well-intentioned

patches can introduce instability. In a blue

light environment, stability is paramount.

The addition of cyber security operations

capabilities provided by Exponential-e has

further strengthened our position. Few

comparable organisations operate with this

level of integrated national oversight. For

us, the risk profile of a national mobilisation

platform demands it.

LEARNING THROUGH CHANGE

If there is one constant throughout this

transformation project, it has been change.

We initially believed that after a few years,

the rate of transformation might slow. It did

not. As requirements expanded, services

grew - from core networking into wider

infrastructure, switching, and cyber services.

Some of that growth reflected our own

maturity; some resulted from consolidating

responsibilities that were previously

fragmented across multiple suppliers.

Early on, we had too much segregation.

Over time, bringing greater coherence

under one trusted partner improved clarity,

accountability and operational effectiveness.

Mistakes happen in complex

environments. The measure of a

partnership is not whether issues occur, but

how they are handled. We have focused

heavily on process refinement - introducing

"buddying" for critical changes,

strengthening assurance steps, and

improving monitoring. Two people carrying

out one change may not be faster but

getting it right first time is far more efficient

than remediation after failure.

Honesty and transparency have been

essential. When issues occur, we address

them openly, identify root causes, and

adjust processes accordingly. That culture of

shared accountability underpins resilience

just as much as any technical architecture.

PLANNING BEYOND TECHNOLOGY

We are now entering another phase of

transformation, modernising elements of the

technology stack. But technology alone is

not the objective. Every investment must be

framed in terms of business value: improved

reliability, enhanced security posture,

operational efficiency, or measurable risk

reduction. When engaging with our board,

technical language alone is insufficient.

What matters is articulating the problem

being solved and the resilience gained.

That philosophy has shaped our broader

lesson for others considering national or

centralised models. Do not simply procure a

network or a product. Clearly define the

business outcome you are trying to achieve.

Engage partners early, involve them in

understanding application behaviours, the

operational realities, and avoid being

prescriptive, so that you can create better

solutions. Resilience is not something you

buy off the shelf. It is designed, tested,

refined, and strengthened over time.

A PARTNERSHIP BUILT ON SHARED

RESPONSIBILITY

Looking back, ARP has grown together

with its technology partners. What began

as a focused managed network service has

evolved into a broader, integrated

capability spanning networking, security

and operational oversight. For a national

ambulance infrastructure provider, the

stakes are high. Vehicle mobilisation,

voice communications, and crew safety

depend on the continuous availability of

our systems.

The resilience we have built is not

serendipitous; it is the product of deliberate

architecture, responsive security, operational

maturity, and a partnership grounded in

transparency. In mission-critical

environments, resilience is never finished. It

is a discipline. And it is delivered not just

through technology, but through people,

process and partnership, working in

alignment toward a single goal: keeping

essential services running when they are

needed most. NC



OPINION: IPV6

FROM IPV4 TO IPV6: BRIDGING THE MONITORING GAP

IPV6 HAS SAT IN THE

SHADOW OF THE LEGACY

IPV4 PROTOCOL FOR YEARS

ACCORDING TO MARTIN

HODGSON, ACCOUNT

EXECUTIVE, PAESSLER GMBH.

NOW, IPV6 IS GROWING

AND WILL SOON BE THE

NEW MAINSTREAM INTERNET

PROTOCOL IN THE NEXT

WAVE OF INTERNET

COMMUNICATIONS

Across the world, a sentiment of change

can be felt for internet protocols. Where

IPv4 once dominated, the protocol is

now losing ground to an increasing push

towards its newer counterpart, IPv6. Already,

over 45% of global protocols are made up of

IPv6. In regions with more progressive

systems, it's not uncommon to see higher.

France, for example, has shown IPv6

adoption as high as 85%.

However, many IT teams aren't catching on. In

a bid to cling onto IPv4 systems while they last,

for many, dual-stack monitoring is as far as

IPv6 monitoring has gone. The issue with this

isn't just resistance to change, it's fundamentally

increasing risks to IT systems. With adoption

rates of IPv6 increasing exponentially, this

approach means teams are unaware of at least

half of the traffic coming through their desks.

For regions with higher adoption, the level of

unmonitored traffic is far higher.

IT teams can no longer afford to ignore the

IP transition.

THE IPV6 COVERAGE GAP

IPv6 user growth is not slowing down. It is

already carrying a major share of day-to-day

internet traffic, often without anyone making a

conscious decision to use it. Devices

increasingly prefer IPv6 connections

automatically through Happy Eyeballs, which

means users can be connecting over IPv6 even

when teams are still thinking in IPv4 terms.

ISPs increasingly run IPv6-only core networks,

while cloud providers are exponentially driving

IPv6-native services. Together, these shifts create

a growing blind spot for monitoring focusing on

IPv4, in a world of IPv6.

WHERE DUAL STACK FALLS SHORT

Dual-stack monitoring is common, but it

doesn't automatically translate into effective

monitoring. Many environments have IPv6

enabled on routers and firewalls, but

monitoring remains heavily weighted

towards IPv4.

That is how teams end up in a position where

a service appears healthy via IPv4 while IPv6 is

degraded or unavailable, and the first clear

signal comes from the helpdesk rather than

from monitoring. In healthcare, manufacturing,

and other environments where network failures

have real-world consequences, teams can't

afford to discover IPv6 outages through patient

complaints or production line stoppages.

This gap is harder to close if teams assume

IPv6 behaves like IPv4. The protocols operate

differently in ways that affect both monitoring

and troubleshooting. IPv6 addresses use 128

bits rather than 32, which makes traditional

scanning methods impractical. Fragmentation

happens at the source rather than at routers.

ICMPv6 plays a much bigger role than ICMP

did in IPv4 networks. DNS lookups use AAAA

records rather than A records. These differences

change what teams need to measure and how

they interpret what they see.

HOW BLIND SPOTS BECOME

DOWNTIME

The issue with widening gaps in internet protocol

monitoring lies in its subtlety. Issues don't start at

scale; they begin small and scattered in

incidences across systems. With time, visibility

deteriorates and issues pile up, and

performance degrades without any clear cause.

Subsequently, security gaps begin to form in

the blind spots and issues only become clear

after large scale breakdowns, leaving teams

forced into reactive troubleshooting.

BUILDING EFFECTIVE IPV6 VISIBILITY

The transition window is closing fast. Teams

need monitoring solutions that can identify and



OPINION: IPV6

baseline IPv6 traffic quickly, not tools that

require weeks of manual configuration

before they provide useful data. Autodiscovery

capabilities matter more for IPv6

than they did for IPv4. Manual enumeration

of 128-bit address spaces isn't realistic.

Uptime monitoring should cover IPv6-

enabled devices and endpoints, and IPv6

connectivity should be verified. Teams need

to know whether IPv6 networks can route

traffic, whether DNS resolution works for

AAAA records, and whether firewall rules

are blocking legitimate IPv6 traffic.

In dual-stack environments, traffic analysis

also matters. Teams should understand the

IPv6 to IPv4 ratio, which services rely on

which protocol, and whether there are

performance differences between them.

Having IPv4 and IPv6 visibility side by side

reduces the risk of treating one protocol as

the default view of service health.

There are also areas that are specific to

IPv6 operation, including router

configurations, neighbour discovery

messages, tunnel endpoints, and VPN

behaviour with IPv6. IPv6 monitoring needs

to work consistently across traditional data

centers, cloud instances, remote sites, and

increasingly, OT environments where IPv6 is

being deployed for IIoT devices.

Real-time notifications remain important.

When an IPv6 route fails or DNS stops

answering AAAA queries, teams need timely

alerts to avoid discovering the problem

through user reports.

A SCALABLE MODEL FOR IPV6

MONITORING

Most teams have more IPv6-capable

devices than they realise, and the first step is

to identify what is actually using IPv6 today.

Not every team has IPv6 protocol experts

on staff. Effective monitoring tools should

surface IPv6 issues clearly, showing when

AAAA records fail or when neighbour

discovery breaks, without requiring

teams to interpret raw packet

captures. The best monitoring

approaches work out of the

box for standard IPv6

scenarios but still allow

protocol-level customisation

when teams need deeper

visibility into ICMPv6 or

specific tunnel types.

Monitoring also needs to

be consistent across both

protocols in dual-stack

environments, so teams can

compare performance and

connectivity directly rather than

treating IPv6 as secondary.

Scale adds another challenge. Manual

checking is not realistic with IPv6, and

adding monitoring infrastructure shouldn't

require proportional increases in

operational overhead or specialised

expertise. API integration becomes essential,

not just for automation, but for keeping IPv6

monitoring sustainable as environments

grow. The goal is lateral scaling: covering

more IPv6 endpoints without adding

headcount or complexity.

The monitoring priorities will differ

depending on the environment. ISP teams

may need to track customer IPv6 adoption

rates and monitor tunnel endpoints.

Enterprise teams may need to watch IPv6

traffic across VPNs, verify authentication, and

track remote worker performance. Cloud

teams may need to monitor IPv6 connectivity

across AWS regions, check dual-stack load

balancers, and verify SSL certificates.

CONCLUSION

The IP transition is only going one way. Ipv6

is being pushed from every angle, whether

teams are aware or not. Policy requirements

are pushing it forward, major cloud

platforms are

designing around it, and mobile operators

have been operating at IPv6 scale for years.

Whether internal IT functions are ready or

not, IP will continue to change. Running

dual stack doesn't remove the risk: if IPv6

isn't monitored with the same discipline as

IPv4, teams lose operational visibility. IPv6

changes how addressing works and how

traffic flows, which affects what "normal"

looks like and which signals matter.

A sensible way to get ahead of that is to

start from the environment you already

have. Establish a baseline of current IPv6

usage, confirm where monitoring and

logging don't yet extend to IPv6, and

introduce alerting for problems that appear

differently in IPv6 than they do in IPv4. The

teams that do this groundwork early will be

better positioned to maintain performance

and tighten security as more users and

services default to IPv6 first. NC



OPINION: I.T. OBSERVABILITY

THE OBSERVABILITY ILLUSION IN MODERN I.T.

ADVANCED OBSERVABILITY

PLATFORMS ARE THE ANSWER

TO FRAGMENTED I.T. TOOLS

AND LIMITED VIBIBILITY

ACCORDING TO CULLEN

CHILDRESS, CHIEF PRODUCT

OFFICER, SOLARWINDS

Modern IT environments have

become too complex for

fragmented observability models,

creating a dangerous gap between

perceived visibility and operational reality.

As a result, poor visibility - once

considered an operational IT issue - shifts

from being the sole preserve of IT teams

to one that increasingly is being

addressed in the boardroom.

To make matters worse, all this is

happening at a time when there is a

global shift in expectations around

operational resilience, with governments,

regulators, customers and boards all

placing greater scrutiny on how

businesses function in complex digital

environments.

only the illusion of control.

FRAGMENTED VISIBILITY IS

CREATING OPERATIONAL BLIND

SPOTS

It would be easy to dismiss this as an 'IT

issue'. But when this frontline activity

directly affects the resilience, continuity,

efficiency, customer experience, security,

and ultimately business performance, the

reality is much more pressing.

As organisations become increasingly

dependent on digital infrastructure, the

tolerance for disruption narrows markedly.

From financial services and healthcare to

logistics, manufacturing, and the public

sector, outages and operational failures

can have a devastating impact.

COMPLEXITY HAS OUTPACED

TRADITIONAL OBSERVABILITY

This is the reality of today's modern world.

And it is against this backdrop that AI is

emerging as the technology that is

transforming observability from a fragmented

approach to monitoring and replacing it with

intelligent operational resilience.

Part of the reason is that IT teams are

now managing huge volumes of alerts,

telemetry, performance metrics and

security signals. In many organisations,

different operational teams continue to

work across separate monitoring tools

and dashboards, making it harder to

establish a unified operational picture.

Organisations may have more

monitoring data than ever before, yet still

struggle to identify root causes quickly,

prioritise incidents effectively, or

understand how issues in one part of

their environment affect the wider

business. The result is a false

sense of visibility and

The cyber incident that affected Jaguar

Land Rover - to use but one example -

demonstrated how digital disruption can

rapidly cascade through complex supply

chains. That growing dependency is also

driving a wider shift in regulatory

expectations around resilience,

accountability, and operational

governance.

Of course, you could argue that this has

always been the case. What's different is

that today, the scale, complexity, and

interconnected nature of modern digital

environments have dramatically increased

the consequences of getting things wrong.

REGULATION IS RAISING THE

STAKES FOR RESILIENCE AND

ACCOUNTABILITY

In fact, governments and regulators are

so concerned about the possible threats

that they're introducing new rules

designed to strengthen expectations

around cyber resilience, operational

continuity and digital accountability.



OPINION: I.T. OBSERVABILITY

In the UK, the proposed Cyber Security

and Resilience Bill is expected to place

greater emphasis on operational

resilience and the ability of

organisations to manage and recover

digital infrastructure effectively. While in

the EU, the Cyber Resilience Act is

raising expectations around security,

governance, accountability, and lifecycle

risk management across connected

technologies and digital systems.

Taken together, they reflect a broader

global shift in expectations around

operational resilience. In that context,

fragmented visibility is no longer just an

operational challenge. It becomes a

governance, resilience, and business

risk issue.

Even in the US - which tends to take a

less centralised regulatory approach

than other jurisdictions - the direction of

travel is similar, with organisations

facing increasing pressure to

demonstrate stronger operational

visibility, governance, and incident

response capabilities.

Which brings us back to AI and the

role it's playing. In particular, it's helping

to reduce costs and improve mean time

to repair (MTTR) as IT teams use it to

automate incident prioritisation,

accelerate root cause analysis, predict

capacity and performance issues, and

reduce alert noise and fatigue.

But the adoption of such tools remains

mixed. Across both the public and

private sectors, security concerns

continue to be a barrier to take-up,

along with growth issues such as the

ongoing skills gap and the complexity of

the technology itself. So how do

business leaders address this?

MOVING FORWARD

First, organisations need to build a clear

operational case for AI adoption by

linking it directly to the problems teams

are facing today. Successful adoption

depends as much on organisational

alignment and operational readiness as

it does on the technology itself.

Second, they need to treat AI like any

other critical system by putting strong

security and access controls in place

from the start. That means addressing

compliance concerns early, applying the

same standards they use for company

and customer data, and being clear

about how AI tools are governed.

Ultimately, long-term success will

depend on building trust in AI-enabled

operations through governance, training

and clear business alignment.

Organisations that close the visibility

gap will be significantly better

positioned to manage operational

complexity, strengthen resilience and

reduce risk across increasingly

distributed environments.

Advanced observability platforms give

IT teams the visibility needed to

understand why incidents occur, respond

faster when they do, and increasingly

prevent them altogether. NC



OPINION: CLOUD REPATRIATION

THE GREAT CLOUD REPATRIATION

MARK LEWIS, CHIEF MARKETING OFFICER AT PULSANT, OFFERS HIS INSIGHTS ON WHY UK

BUSINESSES ARE BRINGING DATA HOME

More UK organisations are treating

cloud location as a governance risk

decision, because incidents and

audits expose questions around jurisdiction,

access and evidence. Recent research found

that 87% of respondents plan to partially or

fully move workloads away from the public

cloud over the next two years, with 54%

considering private cloud, 38% exploring

greater reliance on their own data centres,

and 36% assessing colocation.

While those figures should be treated as a

directional indicator rather than a market

census, they align with a wider move towards

localisation as geopolitics and jurisdictional

exposure become bigger inputs to cloud

decisions. Gartner has reported that 61% of

CIOs and IT leaders in Western Europe plan

to increase reliance on local cloud providers,

which matches what many UK IT teams are

already seeing in procurement language and

internal policy updates.

WHY CLOUD STRATEGIES ARE

BEING REWRITTEN

The driver is often described as "sovereignty",

but the operational triggers are more specific

than a general desire to keep data close to

home. When risk and legal teams look at a

workload, they care about which jurisdictions

can apply, who can administer services,

which support chains are involved, and how

incident response works when access is

needed at speed.

Those concerns are showing up in formal

strategy resets, with research stating that 68%

of UK respondents have changed their cloud

strategies and that geopolitical risk is driving

closer scrutiny of how data is stored,



OPINION: CLOUD REPATRIATION

processed, accessed and secured.

WHERE UK GDPR FORCES CLARITY

A large part of the discomfort comes down

to jurisdictional exposure and the practical

realities of administration in global

platforms. UK GDPR does not prevent

organisations from using global providers,

yet it does require a clear view of whether

data is being transferred outside the UK,

including cases where it is accessed from

abroad as part of delivery, support, or

incident handling. The ICO's guidance on

international transfers and restricted transfers

is useful here because it pushes teams to

map where access and processing happens,

and which overseas parties can receive or

access personal data.

COST STILL MATTERS, BUT IT IS

RARELY THE ONLY TRIGGER

Cost is also present in many repatriation

conversations, although it rarely stands

alone. A cloud estate that grew quickly can

leave teams paying for storage sprawl,

duplicated environments, data egress, and

services that were never properly retired, and

those costs become harder to justify when

boards also want stronger jurisdictional

control. Kyndryl's findings reported by

Computer Weekly include that 62% of

organisations invested heavily in cloud early

on and later reverted some workloads to onpremise,

which helps explain why "bringing

data home" is appearing as a corrective step

in mature estates.

Mark Lewis, Chief Marketing Officer at

Pulsant, says: "What we hear from UK IT

teams is that repatriation is rarely a blanket

move, because cloud still delivers real value

for the right workloads. The pressure comes

when teams cannot explain, in plain terms,

which country's rules apply, who can access

systems during incidents, and how that

access is controlled and logged. When

those answers are weak, the default

response is to reduce exposure."

NOT LEAVING CLOUD,

TIGHTENING CONTROL

This is also why the phrase "cloud

repatriation" can mislead, because most

organisations are not abandoning cloud

consumption. The more common pattern is

a tighter split between workloads that benefit

from elastic services and global platforms,

and workloads where the organisation needs

stronger evidence of control, predictable

performance, or simpler assurance.

In that model, sensitive datasets and controlheavy

components move to environments

where location, access and operational

responsibility are easier to define, while cloud

services remain in use through governed

connectivity and clearer boundaries.

THE UK POLICY CONTEXT IS

REINFORCING DOMESTIC HOSTING

The UK policy context is reinforcing the focus

on domestic infrastructure, which makes the

"bring it home" narrative easier to defend

internally. UK data centres were designated

as Critical National Infrastructure in 2024,

reflecting the extent to which data centre

resilience is now treated as part of national

economic security.

The market response suggests sovereignty

requirements are moving into mainstream

procurement, with organisations looking for

hosting models that keep data and processing

domestic and can be evidenced in assurance

reviews and incident response planning.

WHY UK-SOVEREIGN COLOCATION

IS A PRACTICAL CONTROL POINT

A colocation facility in the UK supports

physical hosting within UK borders, while

giving organisations the option to implement

their own security and access controls,

manage hardware and key material, and set

clear operational boundaries around

incident processes and privileged access.

The value lies in how easily those boundaries

can be documented and audited,

particularly when internal policy requires

confidence in where systems are hosted and

who can administer them.

"Sovereignty clauses in contracts tend to be

written broadly, then tested during

onboarding and audit when teams get into

the detail," says Mark Lewis. "The questions

that decide the outcome are usually about

privileged access, support delivery,

subcontractors, and what changes during

incident response. When organisations

anchor sensitive workloads in UK colocation,

they can define those access routes more

tightly and keep the evidence trail cleaner,

then connect into cloud services that meet

the same requirements."

WHAT HOLDS UP WHEN

DECISIONS ARE TESTED

A repatriation programme that reduces

sovereignty risk depends on evidence, not

intent, because auditors and customers will

test claims during incidents and supplier

changes. The organisations that handle this

cleanly tend to reduce the number of

environments that hold sensitive data,

maintain a clear map of access routes and

administrative roles, and document how

recovery processes work in practice. Those

steps can be applied in any hosting model,

yet they are often easier to execute and

evidence when critical components sit in a

UK-controlled environment with clearly

defined access and operational ownership.

As cloud strategies mature, "bringing data

home" is becoming less about nostalgia for

on-premises infrastructure and more about

governance reality, because boards want the

organisation to demonstrate control under

pressure. UK-sovereign colocation provides

one of the clearer routes for organisations

that need location certainty, auditable

control, and the ability to integrate cloud

services through governed connectivity, while

keeping the operating model defensible

when it is examined in detail. NC



OPINION: THE MODERN WORKSPACE

THE FUTURE OF WORK: BUILDING THE

MODERN WORKSPACE

HYBRID MODELS, AI-DRIVEN WORKFLOWS, AND HUMAN-CENTRIC

TECHNOLOGY ORCHESTRATION WILL NO LONGER BE OPTIONAL,

THEY WILL REDEFINE HOW COMPANIES ATTRACT TALENT, DRIVE

PRODUCTIVITY AND STAY COMPETITIVE, ACCORDING TO PETER

MCLEAVERY, SOLUTIONS ARCHITECT AT CYBIT

Over the past year alone, AI adoption

has moved from tactical use cases to

core business functions, accelerating

faster than many leaders anticipated.

Organisations using AI in at least one business

function have increased from 78% to 88%

since just last year. This rapid uptake and hybrid

work style trending brings new challenges

around governance, security and integration.

Alongside this, the growing complexity of

technology stacks means organisations must

rethink how they design and orchestrate work,

and how AI fits into that picture.

Designing a reliable modern workspace

requires more than adopting new tools; it

needs seamless infrastructure, responsible AI

governance, and intelligent integration that

empowers employees while keeping operations

secure and efficient.

THE INVISIBLE INFRASTRUCTURE OF

HYBRID WORK

Hybrid success depends on far more than

flexible working policies. Behind every

seamless hybrid experience is an invisible

layer of infrastructure that ensures employees

can work productively and securely,

regardless of location. Identity management,

device readiness and network optimisation

are fundamental.

When done well, they become seamless,

allowing employees to access the same

systems, data and collaboration tools

wherever they are. Secure identity controls

ensure the right people have the right access

at the right time. Device lifecycle management

keeps endpoints compliant, updated and

protected. Robust, optimised networks reduce

latency and performance issues that quietly

erode productivity.

Access itself should follow a least-privilege

model, with just-in-time administrative rights

reducing standing exposure. Device lifecycle

management keeps endpoints compliant,

updated and protected, while posture-based



OPINION: THE MODERN WORKSPACE

access ensures only trusted, healthy devices

can connect to corporate resources. At the

data layer, classification policies and data loss

prevention (DLP) controls help protect sensitive

information as it moves across email,

collaboration platforms and cloud storage.

Robust, optimised networks reduce latency

and performance issues that quietly erode

productivity, while continuous monitoring and

incident response readiness ensure that

threats are identified and contained before

they disrupt operations. Without this

foundation, hybrid work quickly becomes

fragmented and frustrating. With it,

organisations create a consistent, secure

experience that feels effortless to employees

and resilient to IT teams.

AI GOVERNANCE AS A WORKSPACE

FEATURE

As AI becomes embedded in everyday

workflows, organisations must ensure

responsible use in 2026 and beyond. This

means implementing defaults such as internal

data restrictions, automatic source citations,

retention limits and watermarks for synthetic

content. In 2026 and beyond, organisations

will need to define clear data boundaries

around AI usage. What data is approved for

AI processing? What is strictly off-limits? Can

sensitive customer information be used to train

prompts? Are employees pasting confidential

material into public models? Without clear

answers, convenience quickly turns into risk.

Governance must move from theory to

default settings. That means enforcing internal

data restrictions automatically. It means

ensuring AI-generated outputs include source

citations where appropriate. It means applying

retention limits so sensitive prompts don't live

forever. And it means watermarking synthetic

content to prevent confusion or misuse.

Governance should be operationalised

through approval gates and transparent audit

trails, reducing risk and maintaining trust

without slowing productivity. Approval gates

should exist where risk is highest. Not to block

innovation, but to ensure high-impact use

cases are reviewed before deployment. Usage

monitoring and transparent audit trails must

provide visibility into how AI tools are being

used across the organisation.

When know guardrails are built into the

system, they can use AI confidently.

Meanwhile, leaders can retain visibility into

how AI is being applied across the business.

When executed well, AI governance becomes

an enabler of trust and scale - enhancing

productivity and efficiency. In 2026, the

organisations that scale AI successfully will not

be the ones with the most tools. They will be

the ones with the clearest boundaries.

HUMAN-CENTRIC TECH

ORCHESTRATION

Adding more tools does not guarantee

productivity. In many organisations,

productivity suffers not from a lack of

technology, but from fragmented systems and

disjointed workflows. Human-centric

orchestration focuses on how work actually

gets done. This means mapping end-to-end

workflows and integrating platforms so context

flows naturally between tasks, teams and tools.

In doing so, employees spend less time

switching systems or re-entering information,

and more time on meaningful work.

AI has a powerful role to play here. By

analysing workflows and usage patterns, AI

can identify inefficiencies, highlight

optimisation opportunities and even

recommend smarter ways of working.

However, these capabilities can only deliver

value when paired with robust cybersecurity

controls and workforce readiness. Secure

architectures, clear training and change

management ensure that orchestration

enhances productivity without introducing

new risks.

Adoption is equally critical. Even the most

well-designed systems fail if employees do not

understand how to use them effectively. Rolebased

training, practical usage guidance and

a structured champions programme can

accelerate engagement and embed new ways

of working. By empowering influential users

within teams to model best practice and

provide peer support, organisations can drive

sustainable behavioural change and maximise

return on their technology investments.

DESIGNING THE WORKSPACE FOR

2026 AND BEYOND

The modern workspace is no longer defined

by a physical office or a collection of

applications. It is an ecosystem where

infrastructure is invisible, AI is governed by

design, and technology is orchestrated

around people, not processes alone.

Organisations that invest now in seamless

foundations, responsible AI governance and

human-centric orchestration will be best

positioned to thrive in 2026 and beyond.

Those that continue to layer tools without

rethinking how work is designed risk falling

behind - not because they lack technology,

but because they lack coherence. NC



OPINION: LEGACY SYSTEMS

A LASTING LEGACY?

MODERNISING LEGACY SYSTEMS AMID AGEING INFRASTRUCTURE AND SKILLS SHORTAGES

Legacy systems remain essential to global

business operations. They run core

processes, hold important data and are

relied on by teams across the world every

single day. Yet as organisations globally

accelerate digital transformation plans, the

future of these core systems is being

questioned. With the skills required to

maintain and enhance these systems

disappearing there is a growing perception

that they are outdated, at risk of failure and,

therefore, urgently require modernisation.

It is not the core applications that require

change. They are functionally rich and, with

the right approach, could and should run for

years to come. The concern is the surrounding

infrastructure. Ageing hardware. Operating

systems that have not been updated or

patched. Untested recovery plans and,

critically, a lack of the robust cyber security

protocols, including Multi Factor

Authentication (MFA) that are now essential.

Modernisation is required, but it is a

modernisation of the infrastructure, not the

core applications. Improving resilience,

tightening security and putting stronger

protection around existing systems not only

reduces risk but also provides a foundation

for further innovation, including the

introduction of cloud services and

automation. Wayne Kiphart, CEO CloudFirst

Global, explains why modernising the

infrastructure is the key to delivering secure,

reliable and resilient legacy systems that will

continue to deliver value for years.

OVERTURNING MISPERCEPTIONS

The lack of IT skills globally is widely

acknowledged but the problem is particularly

concerning when it comes to older systems. As

the experts who built these vital platforms

retire, younger generations have not been

trained in the skills to maintain the

infrastructure nor, sadly, have they learnt their

continued importance in the global

technology landscape.

The lack of skills has led far too many

companies to lag behind on essential

operating system updates. Indeed, with

systems in use 24x7, the inevitable tension

between IT and the business makes it tough to

achieve the essential downtime window

required to make the upgrades, leaving

companies vulnerable to the ever-increasing

sophistication of cyber security attacks and,

inevitably, increasing reliability concerns for

the IT team.

Furthermore, there is a growing perception

that these systems are outdated, antiquated

and redundant. This view is not only flawed

but is also leading companies to make very

expensive mistakes in their modernisation



OPINION: LEGACY SYSTEMS

strategies. Many businesses have migrated

to a completely new system, only to discover

that it lacks the functionality of the original

built up over many decades. Despite a

multi-million-pound investment, the business

still relies on core aspects of the legacy

solution. It cannot switch off the old midrange

system and ends up running two

platforms side by side. More cost, more

maintenance and, of course, more risk.

RECONSIDERING MODERN

Given the significance of global systems

still reliant upon mid-range and

mainframe technologies - including

finance, manufacturing, distribution and

logistics - it is vital to challenge this

misperception. These 'legacy' applications

are not only vital to the business, they are

running on hardware platforms and

operating systems designed specifically for

applications that demand security,

reliability and scalability. Without question,

they are still fit for purpose.

The issue is not that these technologies are

outdated - indeed, providers such as IBM

are increasingly embedding modern tools

including MFA and AI within mid-range

operating systems. It is that without the skills

to maintain and upgrade solutions,

organisations are adding risk of failure and,

critically, failing to make the most of ongoing

innovation. The implications are far

reaching. Failure to have the security

procedures in place - such as MFA - could

invalidate cyber security insurance or

dramatically increase the cost. Disaster

recovery models are untested and resilience

solutions lacking the high availability

required by 24x7 operations.

When it comes to 'modern' technology

strategies, it is infrastructure led issues, most

notably security, that should be the priority.

These applications work. They are tried,

trusted and reliable. What doesn't work for

many companies is the state of the legacy

infrastructure. And, without access to a team

of skilled mid-range and mainframe experts,

that is a problem that simply cannot be

resolved.

FUTURE PROOFING

INFRASTRUCTURE

Rather than leaving core operational systems

running as is and hoping for the best, the

most effective way to modernise is to work

closely with a partner that can improve the

legacy infrastructure. With a team of

engineers who know these platforms inside

out, a partner can manage the system

upgrades and get the company back on

track with the routine updates and patches

required to not only embed resilience but

also provide access to the latest innovation.

Taking this approach enhances the quality

of the legacy platform - often reducing costs

by maximising the power of modern

processing technology. It also frees up inhouse

IT staff to concentrate on the

application and end user experience. It

enables companies to make the most of

MFA and AI tools such as IBM's Bob and

supports the migration of storage to the

cloud, for example, as well as highlighting

opportunities for automation.

Once the infrastructure is in a stable state,

a partner can also continually monitor the

system to ensure it is performing and

available. It can inform recovery and

availability strategies, addressing the distinct

differences between disaster recovery -

when the timing of the last trusted data is

known - and cyber recovery, when it most

definitely is not known. Critically, access to

a breadth of skills can ensure the 'legacy'

platform is not just supporting critical

operations but doing so in a way that is

controlled, managed and trusted.

CONCLUSION

Modernisation is important, but

it's rarely straightforward. The

pressure to move faster is

inevitable but rushing

change into environments that have long

relied on stability and familiarity can backfire

quickly. Uptime matters. Security matters.

Organisations can't afford disruption just to

say they've modernised. They also cannot

afford to discard functionally rich

applications that have been created over

decades to deliver core business operations

that continue to run reliably and efficiently.

Modernisation is not a clean break, but a

practical way of keeping critical systems

running while gradually moving towards

something more sustainable. By working with

a partner with the expertise required,

organisations can reduce their reliance on a

dwindling number of specialists. They can

gain value from a modernised infrastructure

that provides a foundation for measured

change without destabilising what the

business still depends on. And they can

begin to explore opportunities to innovate

and drive the continual improvement that

underpins digital transformation goals. NC

Wayne Kiphart, CEO CloudFirst Global



OPINION: AUTOMATION

HOW AUTOMATION BECAME THE BACKBONE OF NETWORK SECURITY

AUTOMATION HAS EVOLVED FROM A USEFUL EFFICIENCY TOOL INTO THE OPERATIONAL

BACKBONE OF MODERN NETWORK SECURITY AS KYLE WICKERT, FIELD CTO AT ALGOSEC EXPLAINS

Automation has firmly established

itself as the backbone of modern

network security. What was once

seen as something advantageous to aim

for is now more or less expected,

underpinning everything from policy

enforcement and compliance to day-to-day

operational consistency across increasingly

complex hybrid environments. It's become

the mechanism that allows security teams

to maintain control at scale, reducing

manual effort while keeping pace with

constant change.

But that progress isn't evenly distributed.

According to AlgoSec's State of Network

Security 2026 report, while 24% of

organisations now operate at a high level

of automation, one in five still rely primarily

on manual processes. So, while automation

may be widespread, maturity varies

significantly, and that inconsistency is

quickly becoming one of the defining

challenges in network security today.

FROM EFFICIENCY TOOL TO

OPERATIONAL BACKBONE

Automation has become so deeply

embedded in how network security operates

day-to-day, that it now supports the

continuous enforcement of policy across

hybrid environments, ensures compliance

requirements are met without constant

manual intervention, and validates changes

before they go live. And as environments

have expanded across cloud, on-prem, and

distributed architectures, the role of

automation has expanded with them.

Policies need to be applied consistently

across multiple control points, changes

need to be tracked and verified in real time,

and risk needs to be assessed in context

rather than in isolation. Automation

provides the structure that makes this

possible, allowing teams to maintain

alignment between what was intended and

what is actually running.

All of this has changed how automation is

perceived. It sits at the center of operational

control, shaping how policies are enforced,

how environments are governed, and how

teams manage complexity at scale.



OPINION: AUTOMATION

THE MATURITY GAP

Despite widespread adoption, automation

maturity varies significantly across

organisations. Some have embedded it

across their environments, linking workflows,

policies, and enforcement into a cohesive

system. Others are still applying it in isolated

pockets, automating individual tasks without

extending that consistency across the

broader network.

According to the above report, while 24%

of organisations report high levels of

automation, a further 26% saw they're

using it at lower levels, creating a middle

ground where progress is fast for some but

slow for others. Many organisations sit in a

transitional state, where automation exists

within certain teams or tools, but hasn't

been extended across the full network

security lifecycle.

This is potentially quite risky, because it

creates an uneven operating model where

policies may be enforced automatically in

one environment but handled differently in

another. Changes may be validated in some

workflows but not in others. Over time, these

gaps accumulate, making it harder to

maintain a clear and accurate picture of risk.

AI IS A BENEFIT, NOT A SHORTCUT

As automation becomes more established,

attention is turning to what comes next.

Agentic AI is starting to extend what

automation can do, introducing a layer of

context and analysis that goes beyond

predefined workflows. It can surface patterns

across complex environments, highlight

potential policy conflicts, and provide

recommendations based on how changes

are likely to play out in practice.

These capabilities are already finding a

place in day-to-day operations, improving

visibility across hybrid networks, identifying

policy drift, and prioritising risk in ways that

would be difficult to achieve manually. In

other words, it adds a level of intelligence to

existing processes, helping teams interpret

what's happening across their environments

rather than just execute predefined actions.

Most organisations are still cautiously

applying agentic AI in controlled scenarios

where outcomes can be observed and

validated. Decision-making still sits with

human teams, with AI acting as a

supporting layer rather than a replacement.

This is the right approach, where new

capabilities are introduced incrementally

and integrated into existing frameworks

rather than deployed all at once.

THE NEXT BARRIER ISN'T

TECHNOLOGY, BUT ALIGNMENT

The next phase of automation isn't being

held back by capability. The tools are there,

and in many cases, they're already delivering

value. The challenge lies in how those tools

are connected - or, more often, how they

aren't. Automation, policy management, and

AI-driven insights frequently operate across

different systems, owned by different teams,

with limited coordination between them.

This lack of alignment makes it difficult to

scale automation beyond individual use

cases. A workflow might be automated

within a single tool, but without shared

policy frameworks or unified visibility, its

impact remains contained. Decisions made

in one part of the environment don't always

carry through to others, creating gaps in

enforcement and inconsistencies in how risk

is managed.

The report reflects a clear shift toward

consolidation as a direct response to this

very challenge. Around three quarters of

organisations have already brought at least

some of their security tools or policies under

a single management layer, pointing to a

broader move toward unified control. As

environments continue to grow in

complexity, that kind of alignment is

becoming essential to ensure automation

works as part of a connected system rather

than a collection of isolated processes.

Automation has earned its place at the

core of network security, but its effectiveness

now depends on how well it is connected,

governed, and understood across the entire

environment. The next phase of growth will

be defined by cohesion, where aligned

policies, integrated workflows, and trusted

oversight determine whether automation

delivers control, or just more complexity. NC



SECURITY UPDATE

WHY SOC ALERT FATIGUE HAS BECOME A SYSTEMIC UK CYBER RISK

IN THE UK AND ACROSS EMEA, ALERT FATIGUE HAS CROSSED A THRESHOLD AND IS NO LONGER

JUST A TACTICAL INCONVENIENCE OR A WORKFORCE ISSUE ALONE. BRETT CANDON, VP

INTERNATIONAL, DROPZONE AI OUTLINES THE RISK

For years, alert fatigue has been treated

as an operational inconvenience; an

unavoidable side effect of modern

security tooling and an unfortunate burden

placed on already stretched security

operations centre (SOC) teams. Today, that

framing is no longer adequate. For SOC

teams operating in in tightly regulated

industries and particularly those subject to

stringent UK regulations, alert fatigue has

become a systemic cyber risk to businesses.

In today's escalating threat landscape, the

volume, velocity, and ambiguity of alerts now

exceed what human led security operations

were ever designed to absorb. At scale, false

positives turn alert volume into risk, consuming

attention while genuine threats hide in plain

sight. This can create an imbalance that

obscures threats and produces blind spots that

attackers actively exploit.

ALERT FATIGUE IS NO LONGER JUST

A SOC PROBLEM

Modern organisations generate thousands of

security alerts every day across endpoint,

identity, cloud, and network environments.

Even well resourced SOCs have to make trade

offs about what is investigated, deferred, and

what is quietly dismissed. These decisions are

rarely reckless; they are pragmatic responses

to impossible workloads.

But this is where alert fatigue becomes

dangerous. When large volumes of alerts go

untriaged or partially investigated,

organisations are no longer managing risk.

They are accumulating it. Over time, the

consequences of missed investigations can

extend far beyond the SOC and into the

operational resilience of businesses, public

services, and critical infrastructure.

FROM ANALYST BURNOUT TO

BUSINESS DISRUPTION

Alert fatigue is often discussed in human terms:

burnout, stress, attrition. These are serious

issues in their own right, particularly in a UK

labour market already facing a

shortage of experienced cyber

professionals. However,

the more immediate

concern for boards

and CISOs is the

operational

impact.

Across the UK

and EMEA,

post-incident reviews have repeatedly shown

that security alerts were present but not fully

investigated before incidents escalated into

service disruption, data exposure, or

operational shutdowns. In many cases, the

issue was not a lack of tooling, but a lack of

capacity to interpret and act on what the tools

were already signalling.

ATTACKERS UNDERSTAND THE GAPS

Threat actors have adapted to this reality. They

no longer rely on single, noisy events. Instead,

they generate activity that blends into

background alert noise, exploit business critical

systems outside core working hours, and move

laterally while SOC queues grow unchecked.

This is not a failure of individual analysts. It is a

predictable outcome of security operating

models that depend on sustained human

vigilance in environments that never pause.

SOC FATIGUE FIRMLY A

LEADERSHIP ISSUE

In the UK, regulatory pressure is sharpening

the consequences of these gaps.

Frameworks such as NIS2, evolving UK

cyber resilience policy, and sector specific

obligations place clear expectations on

organisations to detect, respond and

recover from incidents in a timely manner.

When alert fatigue undermines those

capabilities, compliance becomes fragile.

More importantly, resilience becomes

theoretical. At the intersection of frontline

operations and boardroom accountability,

CISOs cannot meaningfully govern risk if they

lack visibility into what is being investigated,

what is being deferred and where backlogs are

silently growing. This makes it difficult to make

data-informed decisions on investment,

staffing, and tooling.



SECURITY UPDATE

THE DIFFICULTY OF CONTAINING

SOC BLIND SPOTS

One of the most dangerous

misconceptions is that alert fatigue is

contained within the SOC. In reality, its

effects cascade outward, creating

inconsistency in how alerts are triaged,

investigated and resolved. Inconsistent

triage leads to uneven response quality.

Knowledge becomes siloed within

individuals or shifts, making outcomes

dependent on who happens to be on

duty. At scale, these inconsistencies

undermine trust, both internally between

teams, and externally with customers,

regulators, and partners.

As a result, alert fatigue can quickly

snowball, leading to a lack of consistency

in how alerts are triaged. When

investigations depend on memory rather

than embedded context, quality fluctuates.

As SOCs grow, these variations

compound. Alert fatigue accelerates this

further by forcing teams to prioritise

throughput over depth.

THE DANGERS OF ALERT FATIGUE

FOR MSSPS

If alert fatigue creates hidden risk inside a

single organisation, it is magnified within

managed security environments. For

MSSPs, analysts operate across dozens of

client environments with different tools,

architectures, risk tolerances, and

escalation expectations. This constant

context-switching increases cognitive load

and makes triage difficult at scale.

In these environments, alert fatigue

becomes more than an operational

concern. It introduces variability into

investigation quality, increases exposure to

missed or delayed incidents, and

ultimately places service consistency and

client trust at risk. For MSSPs, this moves

alert fatigue from a technical issue to a

commercial one.

MOVING BEYOND REACTIVE TRIAGE

Reducing alert fatigue does not mean

suppressing alerts indiscriminately or

accepting greater risk. It requires rethinking

how investigations are performed and

governed. Operationally, this starts with

acknowledging that human only triage

cannot scale indefinitely. Instead,

autonomous alert investigations,

augmented with human decision-making

and oversight, can help to absorb alert

volume, investigate continuously, and

surface genuine threats.

ALLEVIATING SOC ALERT FATIGUE

Addressing alert fatigue requires a

fundamental shift in how security

operations are governed. The following

principles underpin resilient SOC models:

Security operations must be designed

for continuous investigation, recognising

that threats emerge at all hours and

investigation models should not

degrade overnight or on weekends.

Metrics should reflect investigative

depth and outcome, not just alert frequency

or closure rates.

Operational understanding must be

embedded in SOC systems and

processes, rather than residing in the

cognitive ability of individual analysts.

Autonomous investigation should focus

on gathering evidence, correlating signals,

and reducing noise, while human

oversight remains central to judgement

and response.

Leadership needs visibility into backlog

trends, investigation coverage, and

consistency to govern risk effectively.

Alert fatigue is now a systemic risk

In the UK and across EMEA, alert fatigue

has crossed a threshold. It is no longer a

tactical inconvenience or a workforce issue

alone. It is a structural and governance risk

that attackers exploit, and regulators

increasingly scrutinise. Treating it as such

requires moving beyond incremental fixes

and addressing the operating model itself.

The organisations that succeed will be

those that recognise alert fatigue not as a

symptom, but as a signal that their security

operations must evolve. NC



OPINION: HPC AND AI

A VALID FUTURE FOR HPC AND AI

VALIDATION WILL DEFINE THE FUTURE OF HIGH PERFORMANCE COMPUTING AND AI

ACCORDING TO DAIRSIE LATIMER, TECHNOLOGY FELLOW AT RED OAK CONSULTING

High Performance Computing (HPC)

and Artificial Intelligence are coming

together faster than ever. The

combination is powerful. It is already helping

organisations move quicker in areas like

drug discovery, climate modelling and

complex engineering. But there is a growing

issue that is not being talked about enough.

How do we learn to trust the outputs that AI

is producing inside these environments?

To many that question matters more than

speed or scale. Because if the outputs are

wrong, everything built on top of them is at

risk. And so HPC providers and their users find

themselves at an inflection point, where they

must adapt or risk being left behind.

HPC AND AI ARE NOT NATURALLY

ALIGNED

HPC has long focused on numerical rigour,

reproducibility, and well understood error

bounds. Its value comes from supporting

scientific and engineering workflows where

results must be explainable and repeatable.

However, even in HPC environments,

reproducibility is not automatic. Parallelism,

floating point behaviour, and hardware

variability can introduce run to run variation

unless explicitly controlled.

AI works differently. Many AI techniques

are statistical in nature and may incorporate

stochastic elements, particularly during

training or when using sampling based

methods. This makes AI extremely

powerful, but also means its

outputs can be sensitive to data,

assumptions, and operating

conditions.

Today, the two are no longer

separate conversations. AI and

HPC are now tightly interlinked,

and that is not going to

change. AI depends on HPC

class infrastructure for the

scale and performance

needed to train and run

models, while HPC is

increasingly using AI techniques

to accelerate workloads and unlock

new efficiencies.

Bringing AI into HPC

environments means combining

deterministic numerical

methods with statistical or

learning based approaches. That tension is

manageable, but it means trust cannot be

assumed by default

VALIDATION IS BECOMING A REAL

DIFFERENTIATOR

For a long time, HPC providers have just

competed on prince and performance. Faster

systems, delivering more performance, for less

power at greater scale, but with AI that is

starting to change, with a definitive competitive

edge delivered by strong validation,

verification and governance capabilities.

As AI becomes part of the stack, customers

are asking different questions. They are not

just asking how fast a system is. They want to

know how models and their outputs are

validated and how results can be justified

and trusted. This is especially true in sectors

where the stakes are high. Healthcare,

finance, energy and defence all rely on

accurate outputs. If AI is involved in those

workflows, there have to be ways to prove it is

working as intended.

Providers that can demonstrate strong

validation and verification will stand out, and

those that cannot will struggle to compete in

highly regulated markets.

AI OUTPUTS NEED TO BE PROVEN

OVER TIME

There is a common assumption that if an AI

model performs well in training, it will

continue to perform well in production.

However, that is not always the case. Models

can drift as data changes, and conditions can

shift. Ultimately, what worked yesterday might

not work tomorrow.

Within HPC environments, this becomes even



OPINION: HPC AND AI

more important. AI outputs may influence

simulation choice, parameter selection, or

decision making pipelines. If those outputs

are not continuously checked, errors can

propagate or scale rapidly

Validation therefore cannot be a one off

activity. It has to be built into the full

lifecycle from training through to

deployment and continuous monitoring.

Trust is not static, it has be maintained.

DATA IS NOW ONE OF THE MOST

VALUABLE ASSETS

Good validation depends on good data.

Not just any data, but high quality, well

characterised and contextualised. Historical

datasets are especially valuable as they

allow you to compare predictions against

known outcomes, detect anomalies, and

validate models against data not

necessarily in their training sets.

This is why high-quality data (and not data

already being used to train models) is

increasingly so scarce and so valuable.

Organisations that have deep, well curated

datasets are in a much stronger position.

They can train better models and they can

validate them properly. Without that

foundation, validation becomes far harder

and less reliable.

BUYING DECISIONS ARE SHIFTING

This shift is already affecting how

organisations invest in HPC. Of course,

performance still matters, but it is no

longer the only factor. End users want

confidence that the systems they are using

will produce reliable results, especially

when AI is involved. Providers of

infrastructure want to ensure that models

run efficiently and reliably.

In some cases, validation capability is

becoming a deciding factor. If there is no

clear way to verify outputs, organisations

are reluctant to commit, and this creates

a clear opportunity for providers. Those

that can show strong validation

frameworks and transparent processes will

have an advantage. It is no longer just

about delivering compute. It is about

delivering trust.

BUILDING TRUST INTO THE SYSTEM

The relationship between HPC and AI will

only grow stronger, mainly because the

benefits are too significant to ignore. But for

that to work at scale, trust has to be built in

from the outset.

That means thinking differently about how

systems are designed and how models are

deployed. It means investing in data quality

and making validation a core part of the

workflow rather than an afterthought.

Ultimately, speed without confidence does

not deliver real value. The organisations

most likely to succeed will be the ones that

recognise this early and invest accordingly.

They will focus not just on what their

systems can do, but on how much those

systems can be trusted. NC



OPINION: OPERATIONAL RESILIENCE

BRIDGING THE CYBER CONFIDENCE GAP

WORKPLACE CYBER CONFIDENCE IS NOW A BOARD-LEVEL IMPERATIVE FOR UK ORGANISATIONS

ACCORDING TO SEAN TILLEY, SENIOR DIRECTOR SALES EMEA, 11:11 SYSTEMS

Self-assurance and confidence is an

essential and hard-earned skill for

business leaders. Boards are expected

to provide clarity during volatility and

reassurance during disruption. However,

cyber security presents a challenge:

technology evolves continuously, threat actors

adapt at speed and regulatory scrutiny

continues to intensify.

Within this environment, many organisations

express belief in their cyber resilience, even as

the underlying systems and risks evolve

beneath them. In this context, confidence

rooted in assumption can diverge quickly from

assurance grounded in operational evidence.

Recent research from 11:11 Systems

suggests that belief deserves a closer look. In

our global survey of more than 800 senior IT

leaders, 82 per cent reported experiencing at

least one cyberattack in the past year, of

which 57 per cent faced two or more attacks.

At the same time, 81 per cent believe their

organisations are overconfident in their

recovery capabilities.

These findings present a serious disconnect

between confidence and reality and signal

that boards must seek demonstrable evidence

that their cyber resilience plans are in place

and can withstand real-world pressure. This

resilience is defined by the proven ability to

restore critical services within tolerable

business impact thresholds.

WHEN OPERATIONAL DISRUPTION

REACHES THE BOARDROOM

High-profile incidents across the UK illustrate

how quickly a cyber event escalates into an

enterprise-wide issue. The disruption at

Jaguar Land Rover affected production and

supply chains, while the attack impacting

Marks & Spencer exposed the commercial

consequences of downtime across online

trading and stock systems.

Often, reputational damage and

operational paralysis unfold simultaneously,

which is an issue that affects a business well

beyond its IT function. Under the UK

Corporate Governance Code,

boards retain responsibility

for maintaining robust risk

management and internal

control systems, placing

cyber resilience squarely

within their remit.

Such incidents underline a

broader lesson: downtime carries measurable

commercial impact. Boards can respond by

reframing recovery metrics in business terms,

such as revenue exposure per hour, risk of

customer loss, contractual obligations, and

regulatory reporting timelines.

Obligations under frameworks such as the

UK's Data Protection Legislation and the NIS2

Directive reinforce that recovery capability

carries formal accountability as well as

commercial consequence. When recovery

capability is translated into financial and

operational language, resilience becomes

embedded within mainstream governance

rather than treated as a specialist concern.

THE HIDDEN RISK OF UNTESTED

ASSUMPTIONS

Many organisations possess documented

recovery plans, backup environments and

incident response procedures. On paper,

these safeguards appear comprehensive. The

vulnerability emerges when plans are

insufficiently tested against realistic and

evolving threat scenarios, creating a gap

between preparedness in theory and

operational readiness.

The presence of backups alone does not

guarantee recoverability, particularly as

modern ransomware campaigns increasingly

seek to compromise or encrypt recovery

environments themselves.

Closing that gap requires discipline and

regular validation. Scenario-based stress

testing, executive simulations and

independent review provide boards with

tangible insight into how systems and teams

perform under pressure. By institutionalising

testing and learning cycles, organisations

replace assumptions with evidence and




ensure that recovery capability reflects

current threat realities rather than

historical comfort.

From our experience facilitating table-top

ransomware scenarios, we are struck by

how every team that participates works

differently. This indicates there is no 'one

size fits all' approach to disaster response,

so it is of high importance that boards

take the time to learn how their individual

teams respond to crises, and what

measurements to put in place to remedy

identified weaknesses.

RESILIENCE AS A MEASURE OF

GOVERNANCE

Markets, regulators and stakeholders

increasingly view operational resilience as

a hallmark of organisational maturity.

When recovery mechanisms falter, the

consequences extend from disrupted

operations to intensified regulatory

scrutiny, insurance disputes, and erosion

of customer confidence.

Cyber insurers are also placing greater

emphasis on independently validated

recovery controls, making evidence-based

resilience a financial as well as

operational consideration. In this

environment, resilience shapes

perceptions of leadership credibility and

long-term stability.

Boards can strengthen that credibility by

integrating cyber recovery oversight into

enterprise risk management frameworks.

Regular reporting, independent validation

and clear accountability at board level

establish resilience as a governed

discipline. Aligning cyber recovery

scrutiny with the rigour applied to

financial oversight ensures that

confidence is supported by transparent

performance measures.

Cyber incidents will remain a feature of

business for as long as we remain digital.

The difference between temporary

disruption and sustained damage lies in

the speed and certainty of recovery.

Organisations that rely solely on internal

assurance risk discovering weaknesses at

the worst possible moment.

Boards that seek proof through testing and

measurement place their confidence on

firmer ground. In doing so, they signal to

investors, regulators and customers that

resilience is embedded within strategic

decision-making. As UK cyber and resilience

expectations continue to evolve, the threshold

for preparedness is unlikely to remain static.

As UK organisations navigate an

increasingly complex risk landscape,

validated cyber recovery capability stands

as a defining expression of responsible and

confident leadership. NC




SPOTTING THE RESILIENCE GAP IN THE CLOUD

SMART CLOUD PARTNERS MUST STEP UP AGAINST EUROPE'S LOOMING RESILIENCE GAP, SAY ALSO

Last year, the European IT landscape

breathed a collective sigh of relief; the

January 2025 deadline for the Digital

Operational Resilience Act (DORA) had

passed. Many organisations treated it like

a finish line - a one-and-done marathon of

paperwork and technical audits. Looking

ahead to 2026, however, it is clear that

this finish line was only a starting block for

the next era of building a competitive edge

for businesses.

A recent report from Boston Consulting

Group warns that Europe's digital

infrastructure faces a serious "resilience

gap" and that a large-scale or prolonged

outage could cause cascading crises

across essential services, including

payments, financial stability and emergency

response systems.

Mark Appleton, Group Lead Vendor

Ecosystem Development at ALSO Group,

stresses that this report, amongst similar

warnings, highlights exactly why 2026 is the

year resilience must become measurable,

necessitating an evolved role across cloud

partners and IT providers.

"Resilience has evolved in today's market

to become more than just a checkbox for

the risk department, and instead to be a

commercial differentiator and legal

obligation in the post-DORA era," says

Appleton. "Against a backdrop of

machine-speed threats and interconnected

supply chains, orchestrated resilience

paves the way for an antifragile business

strategy to gain advantage. Europe's

digital ecosystem is now so interconnected

that a failure anywhere can quickly

escalate to failures everywhere."

"The shift from implementation to

enforcement is already visible in supervisory

behaviours. Regulators need more than just

seeing policy on paper; they are now

demanding real-time proof of continuity

under stress test audits. It's now just as

important to be able to display how your

multi-vendor ecosystem behaves when a

primary cloud region goes dark or a critical

SaaS provider faces a breach."

Appleton continues by highlighting the

differences in mindset for smarter,

competitive cloud partners. "Smart cloud

partners already understand that fragmented

systems and untested failover mechanisms

are now operational liabilities, not IT

nuisances. Under DORA, a vulnerability in

your smallest sub vendor is a vulnerability in

you. The supply chain is effectively treated

as a single digital organism. Financial

entities that historically relied on internal

post-mortems will struggle unless they

automate resilience testing, reporting and

vendor governance.

"Now, accountability is squarely extended

to ICT third-party providers, including cloud

platforms and MSPs, with ESA now

empowered to designate critical third-party

providers for direct insight.

"A vulnerability anywhere in the digital

supply chain is now treated as a vulnerability

everywhere. Therefore, a continuous, databacked

validation of operational readiness

is key to the resilience that businesses will

need to align with in 2026."

Appleton further outlines that proving

resilience is built into cloud operations - into

their DNA - is the key to staying competitive

in 2026. "A practical roadmap for 2026

involves mapping your digital dependency

stack, building multi-vendor resilience into

your architecture, automating your incident

reporting, and strengthening vendor

governance through clear exit strategies.

"A cloud marketplace is rapidly becoming

the de facto compliance registry in Europe.

By aggregating configuration data, identity

controls, activity logs and posture

monitoring across multi-vendor

environments, it turns resilience into a

measurable, data-driven workflow rather

than an annual fire drill."

Appleton concludes, "From integrated DRaaS

to automated incident reporting, proven

resilience demonstrates operational readiness

every single day. As large-scale outage

scenarios become more plausible, customers

will gravitate toward partners who can offer

real-time evidence of continuity." NC



EVENT ORGANISERS:

Do you have something coming up that may

interest readers of Network Computing?

Contact dave.bonner@btc.co.uk

FORTHCOMING EVENTS

2026

FORTHCOMING EVENTS

FORTHCOMING EVENTS

2-4

JUNE

14-16

OCT

INFOSECURITY EUROPE

ExCel, London

www.infosecurityeurope.com

DTX

Excel, London

www.dtxevents.io/london

NCLATEST

Transform your PDFs into Flipbooks and boost your revenue!

Delete template?

Save as template ?