NC Nov-Dec 2019
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
NETWORKcomputing<br />
I N F O R M A T I O N A N D C O M M U N I C A T I O N S – N E T W O R K E D www.networkcomputing.co.uk<br />
MAKING THE GRADE<br />
Are organisations too<br />
dependent on APIs?<br />
THE TRUST INDEX<br />
Taking the next step in cybersecurity's evolution<br />
EDGE OF TOMORROW<br />
What does the future hold for edge computing?<br />
DISRUPTION AGENDA<br />
Tackling the emerging cyber-physical threat<br />
NOVEMBER/DECEMBER <strong>2019</strong> VOL 28 NO 06
11-12 March 2020<br />
ExCeL, London<br />
MISSION<br />
IMPOSSIBLE<br />
Cloud Expo Europe, the UK’s biggest and best attended technology event, returns on 11-12<br />
March 2020 at ExCeL London.<br />
Technology enabled change is on the boardroom agenda for businesses of all types and sizes. Cloud Expo<br />
Europe is the UK’s leading event for connecting technologists, business leaders and senior business managers<br />
with experts, solutions and services to help accelerate digital transformation plans.<br />
Whether you are cloud-first, scaling up, refining, or just getting started, Cloud Expo Europe is an unrivalled<br />
opportunity to meet with leading technology innovators and service providers. Network with your peers. Access<br />
a wealth of knowledge and advice including emerging trends, tech deep dives, lessons learned and market<br />
forecasts.<br />
Our 2020 speaker line-up includes:<br />
DENISE<br />
DOURADO<br />
Cloud Digital<br />
Transformation<br />
Director<br />
HMRC<br />
DANIEL<br />
MARION<br />
Chief of<br />
Information and<br />
Communication<br />
Technology<br />
UEFA<br />
ANNA<br />
BARSBY<br />
Award-winning CIO<br />
CIJO<br />
JOSEPH<br />
Chief<br />
Information<br />
Officer<br />
Mitie<br />
MAJOR-GENERAL<br />
THOMAS<br />
COPINGER-SYMES<br />
Director of Military<br />
Digitisation<br />
Joint Forces<br />
Command<br />
NICK<br />
MITROVIC<br />
Chief<br />
Technology<br />
Officer<br />
Oxfam<br />
Visit www.cloudexpoeurope.com<br />
for more information or contact the team today<br />
to discuss further on +44 (0) 207 013 4999<br />
ORGANISED BY<br />
Co-located<br />
with:
COMMENT<br />
COMMENT<br />
INSTRUMENTING THE NETWORK<br />
BY RAY SMYTH, EDITOR<br />
Political and economic uncertainty, combined with the continuing lack of clarity concerning our<br />
relationship with the EU, are finding their way into every aspect of personal and professional life,<br />
and the network is no exception. In much the same way, so is what some are referring to as the<br />
digital risk. In fact, I recently noticed a press release that claimed that cyber-attacks are "adding 2.7<br />
minutes to hospital response times and causing an extra 36 deaths for every 10,000 heart attacks<br />
each year."<br />
Because I haven't verified these figures I only offer them as a nudge for you and your organisation<br />
and not as verified truth. Undetected cyber breaches are without doubt impacting your network services<br />
affecting efficiency and resource, and that's before you consider data loss. I started my IT career<br />
with a small UK startup that was early to market with a network analyser amongst other network technology.<br />
What's now offered by today's vendors is so different, but then so is the job we need it to do.<br />
Instrumenting networks to capture everything that happens is an important step towards understanding<br />
exactly how the network performs. But it is not enough to just capture the data; rapid near<br />
real-time analysis is required that can then automatically alert those that need to know about the<br />
things that matter to them, covering that which affects performance or security. But remember, they<br />
are inextricably linked. There is now clear evidence that network management and security, which<br />
until recently were disassociated disciplines, could realistically move much closer together. Machine<br />
learning (ML) is emerging as an important component of such a capability, though some will insist<br />
on wrongly calling it AI.<br />
I think we are seeing the emergence of a very healthy, network-based approach, which is to be<br />
encouraged, and which will see cybersecurity and operational management of the network move<br />
closer together. A given network event has the potential to manifest itself in many different ways. There<br />
is no benefit in capturing a single event in a number of different places because it will be expensive<br />
and inefficient.<br />
Instrumenting your network and providing the intelligence to those that need it to do their jobs, in a<br />
language and manner that they comprehend, is the new challenge for IT and networking professionals.<br />
It's not all about technology, though it will be firmly based on it. It's not all about people either,<br />
though there will be plenty involved and they will be very dependant. And it's not all about diversity,<br />
though barriers must be removed and cooperation become the norm.<br />
If you want a network that is enabled for the digital transformation that businesses are demanding, it<br />
has to be instrumented and work without silos.<br />
Ray Smyth - Editor, Network Computing.<br />
Ray.Smyth@BTC.CO.UK | https://twitter.com/ItsRay?<br />
EDITOR: Ray Smyth<br />
(ray.smyth@btc.co.uk)<br />
REVIEWS:<br />
Dave Mitchell<br />
Ray Smyth<br />
SUB EDITOR: Mark Lyward<br />
(netcomputing@btc.co.uk)<br />
PRODUCTION: Abby Penn<br />
(abby.penn@btc.co.uk)<br />
DESIGN: Ian Collis<br />
(ian.collis@btc.co.uk<br />
SALES:<br />
David Bonner<br />
(david.bonner@btc.co.uk)<br />
Julie Cornish<br />
(julie.cornish@btc.co.uk)<br />
SUBSCRIPTIONS: Christina Willis<br />
(christina.willis@btc.co.uk)<br />
PUBLISHER: John Jageurs<br />
(john.jageurs@btc.co.uk)<br />
Published by Barrow & Thompkins<br />
Connexion Ltd (BTC)<br />
35 Station Square,<br />
Petts Wood, Kent, BR5 1LZ<br />
Tel: +44 (0)1689 616 000<br />
Fax: +44 (0)1689 82 66 22<br />
SUBSCRIPTIONS:<br />
UK £35/year, £60/two years,<br />
£80/three years;<br />
Europe:<br />
£48/year, £85/two years £127/three years;<br />
ROW:<br />
£62/year, £115/two years, £168/three years;<br />
Subscribers get SPECIAL OFFERS — see subscriptions<br />
advertisement; Single copies of<br />
Network Computing can be bought for £8;<br />
(including postage & packing).<br />
© <strong>2019</strong> Barrow & Thompkins<br />
Connexion Ltd.<br />
All rights reserved.<br />
No part of the magazine may be<br />
reproduced without prior consent, in<br />
writing, from the publisher.<br />
GET FUTURE COPIES FREE<br />
BY REGISTERING ONLINE AT<br />
WWW.NETWORKCOMPUTING.CO.UK/REGISTER<br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 3
CONTENTS<br />
CONTENTS<br />
N O V E M B E R / D E C E M B E R 2 0 1 9<br />
THE CLOUD........................10<br />
Our cloud feature this issue considers where<br />
the responsibility for cloud security lies and<br />
how cloud based service can help, and<br />
assesses the use and management of<br />
policies as IT systems become more hybrid<br />
EDITOR'S COMMENT......................3<br />
Instrumenting the network<br />
COMPANY NEWS............................6<br />
Market Dynamics: making sense of the market<br />
NETWORK NEWS............................7<br />
Moves, adds and changes<br />
VERSION X......................................8<br />
The latest networking news<br />
ARTICLES<br />
A POLICY TO I<strong>NC</strong>LUDE THE<br />
CLOUD.........................................10<br />
By Tim Sedlack at Micro Focus<br />
SECURING THE CYBER<br />
WORKFORCE...................................11<br />
By Stuart Sharp at Solutions Engineering<br />
SECURE EDGE TO EDGE..................13<br />
By Aron Brand at CTERA<br />
CONNECTED CLOUD.....................14<br />
Richard Petley at Oracle UK & Ireland<br />
DIGITAL NETWORKING.........24<br />
Digital transformation requires a new<br />
networking approach. Pete Lumbis, Technical<br />
Evangelist at Cumulus Networks talks about<br />
applying web-scale networking principles to<br />
digital transformation<br />
EDGE OF TOMORROW........32<br />
Edge computing seems to be on everyone's<br />
lips just now. Abhijit Sunil at Forrester<br />
considers what might happen next at the<br />
edge of the network<br />
DISRUPTION AGENDA..........28<br />
With operational technology and IT naturally<br />
coalescing, there is a new emerging cyberphysical<br />
threat. Chris Sherry at Forescout<br />
explains this disruptive threat vector<br />
TECHNOLOGY IN THE<br />
COMMUNITY........................33<br />
The Stephen Lawrence Charitable Trust<br />
needed to put its community space to work<br />
- and did so with a networking upgrade<br />
from Zyxel<br />
SECURITY & MANAGEMENT.............15<br />
By James Barrett at Endance<br />
SYSTEM DOWN................................16<br />
By Peter Groucutt at Databarracks<br />
TOMORROW’S ISV...........................17<br />
By Scott Murphy at Ingram Micro<br />
THE SMALL APPROACH TO BIG.......18<br />
By Paul Durzan at Ensono<br />
MANUFACTURING LINUX<br />
CONTAINERS...................................19<br />
By Florian Froschermeier at INSYS<br />
GDPR SO FAR..................................20<br />
By Todd Peterson at One Identity<br />
DATA AS CURRE<strong>NC</strong>Y........................22<br />
By Richard Agnew at Code42<br />
BREAKING THE IT VENDOR<br />
MONOPOLY....................................23<br />
By Ronak Shah at Fact.MR<br />
MAKING THE GRADE?.....................25<br />
By James Hirst at Tyk<br />
NARROWING THE CYBER GAP.........27<br />
By Deshini Newman at (ISC) 2<br />
TAKING LEGACY TO THE CLOUD....29<br />
By Neill Hart at CSI<br />
EVOLVING CYBERSECURITY..............34<br />
By Theresa Lanowitz at AT&T Cybersecurity<br />
PRODUCT REVIEW<br />
R&S CLOUD PROTECTOR..............21<br />
ALTARO OFFICE 365 BACKUP.......26<br />
4 NETWORKcomputing NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
One Platform for<br />
Digital Business<br />
• Process<br />
• Content<br />
• Governance<br />
Modern Architecture<br />
• Developer-friendly<br />
• Open<br />
• Cloud-ready<br />
Faster Time to Value<br />
• Deploy<br />
• Adopt<br />
• Build<br />
Learn more at alfresco.com | Contact us at info@alfresco.com<br />
Alfresco EMEA: +44 (0) 1628 876 500 | Alfresco Americas: +1 888 317 3395<br />
Alfresco Asia Pacific: +61 2 8607 8539
COMPANYNEWS<br />
MARKET DYNAMICS: MAKING SENSE OF THE MARKET<br />
IN A REGULAR LOOK AT RESULTS AND KEY BUSINESS ANNOU<strong>NC</strong>EMENTS FOR SUPPLIERS INTO THE<br />
NETWORKING AND IT MARKET, NETWORK COMPUTING SUMMARISES THE EDITORS SELECTIONS<br />
Artificial Intelligence company,<br />
Adarga has upsized its Series A<br />
fundraising to £7 million with an<br />
additional £2 million investment from<br />
Moore Strategic Ventures. Adarga help<br />
companies to transform data intensive<br />
human knowledge processes by analysing<br />
vast volumes of data quickly and<br />
accurately. Led by Allectus Capital with<br />
additional funds coming from existing and<br />
new investors, the proceeds will be used to<br />
continue the expansion of Adarga's data<br />
science and software engineering teams,<br />
accelerate research & development, and<br />
to execute the adarga_engine and<br />
adarga_bench software platform rollout in<br />
the UK and beyond.<br />
For the ninth consecutive year Zscaler is<br />
Leader in the Gartner Magic Quadrant<br />
for Secure Web Gateways. Eleven<br />
vendors were evaluated based on their<br />
ability to execute and their completeness<br />
of vision: Zscaler was most advanced in<br />
both areas. The Zscaler platform,<br />
claimed to be the world's largest cloud<br />
security platform, processes more than<br />
70 billion transactions and detects<br />
approximately 100 million threats per day<br />
across 185 countries.<br />
Ribbon Communications has entered<br />
into an agreement to acquire ECI Telecom<br />
Group Ltd through a merger. ECI Telecom<br />
is a global provider of end-to-end packetoptical<br />
transport and SDN/NFV solutions<br />
for service providers, enterprises and data<br />
centre operators. Financed by 32.5 million<br />
shares of Ribbon common stock and $324<br />
million of cash, ECI stockholders will also<br />
receive approximately $31 million from<br />
the sale of real estate assets.<br />
The combined business will create a<br />
leading edge solutions provider with<br />
anticipated combined annual revenue of<br />
over $900 million, serving customers in<br />
more than 140 countries, with 4,000<br />
employees worldwide.<br />
Container based security provider and<br />
serverless and cloud native applications<br />
company, Aqua Security has announced<br />
its expansion into cloud security posture<br />
management (CSPM) through its<br />
acquisition of CloudSploit. CloudSploit's<br />
SaaS-based platform allows customers to<br />
monitor their public cloud accounts,<br />
providing visibility to their entire estate of<br />
cloud resources and reduce threats due to<br />
misconfiguration and vulnerabilities.<br />
CloudSploit automatically manages cloud<br />
security risk and benchmarks against<br />
industry standards to ensure compliance.<br />
"We are excited to add CloudSploit to<br />
our cloud-native security portfolio," said<br />
Dror Davidoff, CEO at Aqua Security.<br />
"Aqua protects the world's largest cloud<br />
native environments. With CloudSploit our<br />
customers can now continuously monitor<br />
and manage their cloud security posture<br />
across multi-cloud infrastructures."<br />
Pure Storage has expanded its global<br />
presence with the opening of a new<br />
European Research & Development<br />
Centre in Prague, Czech Republic,<br />
marking further significant investment in<br />
the EMEA region. Pure was founded with<br />
innovation at its core and a customer-first<br />
mindset, and this new EMEA hub is<br />
designed to fuel innovation and<br />
accelerate time-to-market.<br />
The centre will be headed by Dan<br />
<strong>Dec</strong>asper, General Manager of Pure1, the<br />
company's cloud-based software platform.<br />
Commenting on the launch of the centre<br />
<strong>Dec</strong>asper said, "I'm thrilled that on our<br />
10th anniversary we maintain the same<br />
commitment to innovation that we had on<br />
day one. We've experienced tremendous<br />
growth and have always believed in<br />
investing back into talent acquisition and<br />
expansion.<br />
Data connectivity aggregator FluidOne<br />
headquartered in the UK has announced<br />
its results for the year ending 31 March<br />
<strong>2019</strong>. Their organic revenue increased by<br />
11 per cent from £26.0m to £28.8m and<br />
underlying EBITDA rose by 33 per cent to<br />
£3.2m. Strategic investment by private<br />
equity firm Livingbridge and a new tiered<br />
debt facility provides FluidOne with M&A<br />
funding options and is supported by<br />
annual customer retention of 96 per cent.<br />
The inaugural Global Networking Trends<br />
report from Cisco claims that softwaredefined<br />
networking is a mainstay of many<br />
systems, and that key trends such as 5G,<br />
security and multi-cloud are having big<br />
impacts, while AI is helping to accelerate<br />
the use of intent-based networks. Perhaps<br />
slightly concerning, it concludes that<br />
there's a long way to go for today's<br />
networks to meet the demands of the<br />
emerging digital era. <strong>NC</strong><br />
Disclaimer - all information published in this article is based upon fuller submissions provided under general release. Any interested party is urged to verify<br />
any information printed here, prior to using it in any way. Neither Network Computing nor it publishers accepts any responsibility for the accuracy of the<br />
information contained in this article.<br />
6 NETWORKcomputing NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
NETWORKNEWS<br />
NETWORK NEWS - MOVES, ADDS AND CHANGES<br />
A REGULAR LOOK AT THE STORIES INVOLVING PEOPLE, COMPANIES AND SOLUTIONS<br />
Accidentally sending an email to<br />
the wrong person seems like an<br />
innocent mistake, but it could<br />
have substantial repercussions.<br />
Commenting, Andrea Babbs, UK<br />
General Manager at VIPRE says,<br />
"Misaddressed emails have far-reaching<br />
consequences that can seriously impact<br />
an organisation, especially in highly regulated<br />
industries such as healthcare and<br />
finance"<br />
This is an issue for most organisations,<br />
and a risk that fails to get attention. In<br />
fact the Information Commissioners<br />
Office (ICO) has said that misaddressed<br />
emails are the largest source of data<br />
loss for organisations, underlining the<br />
seriousness. Concluding, Babbs says,<br />
"What is required is a tool that prompts<br />
users for a double check of their email<br />
based on set parameters, who it is being<br />
sent to, the contents and attachments.<br />
It's about increasing awareness and<br />
improving email culture."<br />
Misaddressed emails are an unattended<br />
risk, meaning disaster recovery is not<br />
far behind. According to a survey of IT<br />
workers carried out by Probrand, UK<br />
businesses are gambling with their business<br />
continuity, as it seems that a quarter<br />
of the companies surveyed do not<br />
have any form of disaster recovery plan<br />
in place. This is not the end of it<br />
though, because of those workers that<br />
say their employer does have a disaster<br />
recovery plan, 54 per cent revealed that<br />
it is not regularly tested, and a third that<br />
their recovery plan has never actually<br />
been tested during their employment.<br />
Whatever your persuasion in the neverending<br />
drama, most IT professionals<br />
generally support the measures established<br />
to protect data and the rights of<br />
its subjects in the EU. And now the EU is<br />
apparently turning its attention to AI,<br />
which will certainly be one to watch. The<br />
new European Commission President,<br />
Ursula von der Leyen has called for the<br />
EU to draft rules to regulate the use of<br />
artificial intelligence. She has compared<br />
this ambition to the introduction of the<br />
EU's privacy law, the GDPR, and adds<br />
that she wants to keep key technologies<br />
in Europe to bolster the EU's technological<br />
standing in the world.<br />
Commenting on this, John Buyers,<br />
Partner at international legal practice<br />
Osborne Clarke says, "The challenges<br />
with AI - specifically deep learning - are<br />
its breadth of application across every<br />
walk of life and the fact that it is not<br />
always transparent or predictable.<br />
Beyond high level ethical principles,<br />
one-size-fits-all regulation sounds<br />
attractive but the complexity of different<br />
sectors will be difficult, if not impossible,<br />
to boil down into a single overarching<br />
law. Designing effective regulation is<br />
challenging. The GDPR, for example, is<br />
an uneasy bedfellow with AI, generating<br />
significant compliance issues."<br />
Following a long-term and sustained<br />
effort by Switchshop to develop and<br />
establish its technical expertise, Aruba<br />
has recognised their effort and achievement<br />
by granting them Platinum status.<br />
Their Aruba focused services include<br />
free technical pre-sales, onsite installation<br />
with highly experienced engineers<br />
and ongoing support from the highly<br />
qualified service desk team.<br />
Hertfordshire based Switchshop has also<br />
invested in their customer demo lab with<br />
Comware, ArubaOS, OS-CX, AOS8 and<br />
Clearpass equipment available.<br />
Lastly, when it comes to cybersecurity<br />
the available budget is always an<br />
important consideration, and can have<br />
a direct impact on results. Apparently,<br />
cybersecurity budgets are failing to keep<br />
pace with the rise in cyber threats,<br />
according to new research by ESET.<br />
Half of IT decision-makers said that<br />
their security budget won't increase<br />
before at least 2021, with 18 per cent<br />
expecting their budget to increase by<br />
double-digits within the next two years,<br />
while 28 per cent forecast single-digit<br />
growth.<br />
David Mole, Channel Director at ESET<br />
says "The risk and potential cost of a<br />
breach is higher than ever. Recent cases<br />
such as British Airways and Marriott<br />
International clearly show the damage" <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 7
PRODUCTNEWS<br />
VERSION X<br />
VERSION X<br />
VERSION X<br />
VERSION X<br />
VER<br />
WITH PRODUCT ANNOU<strong>NC</strong>EMENTS RANGING FROM THE TRIVIAL TO THE BIZARRE, THE EDITOR<br />
DISTILS THE ESSE<strong>NC</strong>E OF THOSE THAT ARE OF INTEREST TO THE NETWORKING COMMUNITY<br />
Wringing your hands about the<br />
ever-present insider threat won't<br />
help the situation, and it is<br />
without doubt an area of cybersecurity<br />
that requires constant attention and regular<br />
review. Vendors have their role to<br />
play in this, and Code42 has recently<br />
introduced some new capabilities<br />
focused on departing employees that aim<br />
to cut the time taken to detect and<br />
respond to high risk file activity, while<br />
improving visibility to corporate files that<br />
are leaked to personal cloud and email<br />
accounts using web browsers.<br />
Commenting, Joe Payne, President and<br />
CEO said, "Our new insider risk detection<br />
capabilities deliver signal, not noise<br />
through a focused and prescriptive<br />
process so security teams can quickly<br />
find the needle in the haystack… These<br />
high-fidelity insights into data risk save<br />
over-loaded security teams precious<br />
investigation time."<br />
Sticking with the insider threat, IAM<br />
analytics software company idax has<br />
launched a dynamic certification capability<br />
to allow users to complete access<br />
reviews with higher quality results. They<br />
say that dynamic certification is an<br />
improvement on the standard entitlement<br />
review procedures where the task is completed<br />
all at once over a short period of<br />
time. Instead, reviews can now take<br />
place without a fixed time frame, supporting<br />
a more considered approach.<br />
Mark Rodbert, CEO at idax claims that<br />
"Reviewing access rights is one of those<br />
tasks all managers dread. The traditional<br />
approach is important in locking down<br />
internal threats. However, doing the job<br />
properly requires trawling through files,<br />
looking at systems that staff access, and<br />
deciding whether to approve or revoke<br />
access. It is this that dynamic certification<br />
addresses, saving time and money."<br />
The simplicity of moving compute and<br />
storage to the cloud is often overstated,<br />
and the care, discipline and management<br />
associated with premise-based<br />
resources needs to be applied, if not<br />
augmented. For this to be effective,<br />
some intelligence and insight is required.<br />
Sumo Logic, who provide what they<br />
describe as continuous intelligence, have<br />
extended the scope of their service to<br />
AWS CloudTrail. This latest offering provides<br />
security teams with valuable realtime<br />
security intelligence to scale detection,<br />
prioritisation, investigation and<br />
workflow and prevent potentially harmful<br />
service configurations that could lead to<br />
a data breach.<br />
It seems clear that the end of IPv4<br />
address availability is a reality, but those<br />
with spare one's may be able to benefit.<br />
Network infrastructure solutions provider<br />
Heficed has launched a solution in this<br />
area which helps businesses and organisations<br />
to monetise their IPv4 address<br />
resources by listing them so that potential<br />
lessees can select available IPv4 addresses<br />
and lease them. Apparently, IPv4<br />
addresses, originally a free resource,<br />
have become a commodity and a strategic<br />
asset for businesses as a single IPv4<br />
address in the secondhand market can<br />
now commands around twenty dollars.<br />
CEO Vincentas Grinius adds that<br />
"Organisations using our platform can<br />
rest assured that their IPs will remain<br />
clean. Preventing the abuse of IPs is our<br />
priority and an abuse report system is<br />
present and straightforward to use."<br />
Multi-vendor hybrid SD-WAN networks<br />
can quickly become complex and they<br />
require some insight if maximum operational<br />
benefit is to be derived. It is this<br />
challenge that has inspired Infovista to<br />
create its VistaInsight Service Assurance<br />
solution. The company claims that<br />
deploying this solution will reduce the<br />
complexity of multi-vendor SD-WAN networks<br />
with a single management interface,<br />
increase operational efficiency by<br />
monitoring in real time, and optimise<br />
capex through prediction and optimisation<br />
of network capacity.<br />
Principal Analyst at Analysys Mason,<br />
Anil Rao describes VistaInsight as "an<br />
exciting offering for SD-WAN edge service<br />
assurance, focused on correlating<br />
underlay and overlay performances in<br />
hybrid WAN networks."<br />
Another company active in this space is<br />
Aryaka, who have expanded their portfolio<br />
of managed SD-WAN offerings, delivered<br />
using its newly branded<br />
SmartServices platform. They have introduced<br />
four additional as-a-service offerings<br />
that include network and application<br />
acceleration, multi-cloud networking,<br />
managed security and actionable insights.<br />
Matt Carter, CEO at Aryaka said, "Our<br />
patented SD-WAN architecture and our<br />
8 NETWORKcomputing NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
PRODUCTNEWS<br />
SION X<br />
global network allow customers to benefit<br />
from an integrated solution that delivers<br />
the industry's best application performance<br />
and then consolidate other box<br />
vendors into an Aryaka solution for the<br />
lowest possible TCO."<br />
Crossword Cybersecurity has been outlining<br />
what they claim to be a new<br />
approach to machine learning-based<br />
cybersecurity and fraud detection by<br />
announcing a family of products called<br />
Nixer CyberML. This new tool is apparently<br />
ideal for businesses that want to<br />
solve advanced security and cybercrime<br />
problems, such as detecting and dealing<br />
with compromised accounts, fraud and<br />
in-application denial of service attacks.<br />
With so many security and fraud problems<br />
arising from within applications it<br />
can prove difficult to detect externally.<br />
Nixer CyberML allows development<br />
teams to rapidly add machine learningbased<br />
detection to online applications<br />
(online banking, ecommerce systems,<br />
ticket sites, critical business apps, etc.)<br />
that can learn to accurately distinguish<br />
between good and bad user behaviour.<br />
Jan Broniowski, Nixer CyberML<br />
Architect said, "By putting security closer<br />
to the application layer, we create rich,<br />
valuable context for algorithms and analytics.<br />
We offer Nixer CyberML as Java<br />
libraries through GitHub - a design decision<br />
that provides control, explainability<br />
and configurability to developers. Nixer<br />
CyberML helps to merge the gap<br />
between security analytics and software<br />
development."<br />
D-Link has announced a new range of<br />
USB-C hubs and adapters which are<br />
designed to give users flexible, ultraportable<br />
ways to expand connectivity on<br />
their computers and laptops. The DUB<br />
Series of USB-C hubs and adapters are<br />
compact, portable, and ready to use by<br />
simply plugging into a laptop or PC's<br />
USB-C port as well as iMac and<br />
MacBook's Thunderbolt 3 port, instantly<br />
expanding connectivity or display. It also<br />
offers a range of wired internet connectivity,<br />
quick file transfer and full resolution,<br />
some without even having to compromise<br />
on access to power, allowing<br />
users to extend their connections according<br />
to what they need.<br />
Building on what it describes as the<br />
tremendous demand for AV over IP, NET-<br />
GEAR has launched some new switches.<br />
The M4300 line of switches and the new<br />
M4500 series 100 Gigabit Network<br />
Switches have been added to the NET-<br />
GEAR managed switch line and are purpose<br />
built to streamline audiovisual<br />
solutions over IP by reducing the complexity<br />
and cost of networked deployments,<br />
while at the same time remaining<br />
equally applicable to standard IT network<br />
deployments.<br />
OT and IoT security company Nozomi<br />
Networks has released a free tool -<br />
Guardian Community Edition - to help<br />
security and risk management teams<br />
take the first step in expanding their risk<br />
lens to include OT and IoT cybersecurity.<br />
It makes use of the technology used<br />
in their cybersecurity platform,<br />
Guardian Community Edition, which<br />
provides users with visibility into their<br />
OT and IoT assets.<br />
"Organisations across a spectrum of<br />
industries are converging IT, OT and IoT<br />
efforts to improve business processes,<br />
deliver better customer experiences and<br />
gain a competitive edge", comments<br />
Nozomi Networks Co-founder and Chief<br />
Product Office Andrea Carcano. He<br />
adds that "Cybersecurity executives and<br />
their teams are challenged to gain visibility<br />
into these networks. But having<br />
visibility is the first step to securing<br />
them. We developed Guardian<br />
Community Edition to give the community<br />
a safe way to begin expanding their<br />
security footprint."<br />
Industrial IT solutions specialist<br />
SolutionsPT has released Citect SCADA<br />
2018 R2. It enables industrial process<br />
organisations to increase efficiencies in<br />
their operations by improving visualisation,<br />
allowing them to monitor and control<br />
their plants and equipment effectively.<br />
Featuring an enhanced graphics<br />
builder, Citect R2 supports Graphics<br />
Browsing in Citect Studio, letting engineers<br />
create virtual representations of<br />
their plant environments which can be<br />
controlled digitally, enabling access to<br />
different SCADA.<br />
Citect Product Manager Anne Fletcher<br />
said, "With its new, enhanced capabilities,<br />
Citect R2 is a significant development<br />
for engineers and manufacturers<br />
which will help them take the next step<br />
in their digitalisation journey with minimum<br />
disruption." <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 9
FEATURECLOUD<br />
A POLICY TO I<strong>NC</strong>LUDE THE CLOUD<br />
AS IT SYSTEMS BECOMES MORE HYBRID, THE<br />
USE AND MANAGEMENT OF POLICY GROWS<br />
EVER MORE COMPLICATED. TIM SEDLACK,<br />
DIRECTOR OF PRODUCT MANAGEMENT AT<br />
MICRO FOCUS SUGGESTS CAREFUL<br />
REASSESSMENT<br />
IT complexity is increasing, and as a result<br />
most IT departments are struggling to<br />
maintain their security and a consistent<br />
configuration. Yet implementing processes to<br />
cope with this complex IT environment can<br />
introduce roadblocks and impede<br />
organisations from getting business done. As<br />
organisations migrate to the cloud and<br />
implement hybrid IT strategies, users may<br />
engage in practices that stray outside of<br />
existing policy by creating, for instance,<br />
accounts to provide contractors with access to<br />
resources. Managing policy in this complex<br />
environment needs some attention.<br />
THE POLICY TOOL<br />
Policy is a vital tool and it enables IT to maintain<br />
a tighter set of controls. Whether using<br />
Microsoft's Group Policy (based in Active<br />
Directory) to design security controls and<br />
configurations that are applied across users and<br />
devices, or automating configuration in the<br />
UNIX and Linux world (through scripting, Puppet<br />
or Chef), IT departments are turning to policy.<br />
While Group Policy is widely used to set and<br />
maintain security, it's largely limited to<br />
Windows users and devices. However, other<br />
silos of IT resources (such as those migrating<br />
to SaaS, PaaS, and IaaS based solutions) have<br />
recognised that policy-based security and<br />
configuration seems to solve a myriad of<br />
problems. As a result, they've adapted<br />
bespoke methods to manage by policy, which<br />
is a good development.<br />
THE POLICY DEFINITION<br />
<strong>Dec</strong>laring a policy that can be validated and<br />
enforced simplifies management, but is there<br />
a standard way to define policy? As you can<br />
imagine, there's unique policy for each silo,<br />
and very little agreement around terms or<br />
execution. This lack of common<br />
understanding on how policy should be set in<br />
order to meet a company's internal policies or<br />
external regulatory compliance is a challenge.<br />
Consider passwords: one common setting is<br />
Complexity, but how is this defined?<br />
Determining compliance requirements around<br />
the term Complexity can be a guessing game,<br />
but the real challenge comes when security<br />
teams or compliance officers try to dictate<br />
password Complexity across policy silos. The<br />
most common virtualisation technology is<br />
heavily invested in a policy-based approach to<br />
management, but refers to password<br />
complexity as Quality, combining several<br />
password metrics. Clearly, mapping<br />
Complexity to Quality may not be simple. A<br />
compliance officer or CISO needs to make<br />
certain that policy is set similarly across all<br />
silos, regardless of these semantics.<br />
THE POLICY MANAGEMENT<br />
Coordinating both the experts and the<br />
expertise in order to validate and report on<br />
compliance can be tricky. Even where<br />
terminology and interpretation differs,<br />
businesses must still prove compliance with<br />
internal policy and external regulation, and<br />
even when not beholden to complicated<br />
regulations like GDPR or PCI-DSS,<br />
organisations must still be responsive to<br />
security and privacy concerns.<br />
Change is almost constant today, yet any<br />
change demands that policy reflects new<br />
applications and services, once again relying<br />
on experts to understand and interpret for their<br />
area of expertise. Sadly, policy changes across<br />
silos are often implemented in a haphazard<br />
fashion, creating an ugly mess.<br />
A COMPREHENSIVE APPROACH<br />
Today, organisations must take steps to<br />
understand where and how they are<br />
managing by policy, across all on-premise<br />
and cloud based services. A key step is<br />
cataloguing expertise, including people,<br />
processes and policy settings. As policy<br />
frameworks advance, automation will assist<br />
and further ease the burden of policy silos<br />
in future.<br />
Don't shy away from policies: they solve<br />
more problems than they create. The ideal<br />
solution would centralise policy, normalise all<br />
terms and implementation and enforce a<br />
common policy across the organisation,<br />
regardless of where the silos exist. This would<br />
allow the organisation to report on<br />
compliance quickly and simply, and at the<br />
same time ensure that auditors get exactly<br />
what they need as proof of the organisation's<br />
compliance. <strong>NC</strong><br />
10 NETWORKcomputing NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
FEATURECLOUD<br />
SECURING THE CYBER WORKFORCE<br />
CLOUD BASED SERVICES CAN BE THE SOURCE<br />
OF QUALITY SOLUTIONS TO SOME OF THE<br />
SECURITY CHALLENGES POSED BY CLOUD<br />
ADOPTION. STUART SHARP, VP OF SOLUTION<br />
ENGINEERING AT ONELOGIN PROVIDES AN<br />
OVERVIEW<br />
Remote working, once a hindrance<br />
and an organisational nightmare,<br />
has now become a norm within<br />
workplace culture. According to the<br />
Office of National Statistics (ONS), by<br />
2020, 50 per cent of the UK workforce is<br />
expected to be working remotely, begging<br />
the question 'do we still need traditional<br />
office space?'<br />
According to recent research on the<br />
distributed, diverse workforce of the<br />
future, 97 per cent of CIOs said that their<br />
workplaces will be widely dispersed across<br />
geographies and time zones in the future,<br />
with part-time employees, contractors and<br />
contingent workers playing a bigger role<br />
in businesses.<br />
REMOTE CHALLENGE<br />
Despite the successes of remote working,<br />
many challenges are being overlooked,<br />
such as how to maintain a secure and safe<br />
environment for remote workers accessing<br />
sensitive data. According to a report by<br />
Hiscox, cyber-attacks are costing the<br />
average small UK business £25,700 a<br />
year in basic clear-up costs. As a result, it<br />
can be a colossal challenge for IT<br />
departments to ensure that users logging<br />
in remotely can do so securely.<br />
It's important to understand the threat.<br />
With 80 per cent of security breaches<br />
involving the abuse and misuse of<br />
privileged credentials, the threat is<br />
passwords. Everyone is raising the alarm<br />
about weak passwords and encouraging<br />
the use of more complex derivatives as an<br />
easy form of defence. However, complex<br />
passwords can often cause more havoc<br />
than simple ones. A single user may have<br />
anywhere from 20 to 200 passwords,<br />
accessing secure information from<br />
multiple devices including laptops and<br />
smartphones.<br />
SINGULARLY SECURE<br />
To support everyone working remotely, we<br />
need to ensure that each user is logging<br />
on to company networks safely and<br />
securely. One solution is to implement a<br />
single sign-on (SSO) system that integrates<br />
multifactor authentication (MFA). SSO lets<br />
users securely authenticate with multiple<br />
applications and websites by logging in<br />
once, using just one set of credentials.<br />
With SSO, the applications or websites<br />
user's access will rely on a trusted third<br />
party to verify that the user is who they say<br />
they are. MFA, on the other hand, is a<br />
security system that verifies a user's identity<br />
by requiring multiple credentials. Rather<br />
than just asking for a username and<br />
password, MFA requires additional<br />
credentials, such as a one-time code from<br />
the user's smartphone, a fingerprint, or<br />
facial recognition.<br />
PROTECTING DATA AND USER<br />
Every time a user logs into a new<br />
application or machine represents an<br />
opportunity for cybercriminals. To be on<br />
the defensive, companies should have an<br />
authentication strategy in place to protect<br />
both data and end-users. In addition,<br />
organisations should ensure that their<br />
authentication solution of choice can<br />
adapt to meet new and advanced types of<br />
attacks from cybercriminals.<br />
The removal of passwords is a<br />
compelling objective for everyone in the<br />
cybersecurity industry; unfortunately,<br />
passwordless authentication is not<br />
supported by most applications. Only<br />
companies that have deployed a modern<br />
cloud-based identity solution can make the<br />
passwordless future a reality today. In the<br />
meantime, implementing secure secondary<br />
forms of authentication means that many<br />
cyber-attacks can be prevented.<br />
It is expected that the workforce will only<br />
become more distributed and diverse as<br />
time passes, with remote working set to<br />
become the norm for most organisations.<br />
While the traditional office space is still<br />
thriving, it is without doubt on the decline.<br />
With security high on the agenda, it is the<br />
responsibility of organisations to ensure<br />
that their employees - wherever they may<br />
reside in the world - are accessing files<br />
safely and securely, as we move into a new<br />
realm of remote working. Digital<br />
transformation is the cornerstone of what<br />
drives the technological revolution.<br />
However, if we don't take security concerns<br />
into account, we are only doing our<br />
organisations a disservice. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 11
FEATURECLOUD<br />
SECURE EDGE TO EDGE<br />
HOPEFUL ASSUMPTIONS THAT CLOUD PROVIDERS WILL SECURE<br />
DATA ARE MISPLACED. ARON BRAND, CTO AT CTERA, OFFERS<br />
SOME INSIGHT TO HELP CLOUD-DRIVEN ORGANISATIONS<br />
ENSURE THEIR END-TO-END SECURITY<br />
The adoption of cloud-based data<br />
storage has skyrocketed, but<br />
alongside the many advantages of<br />
cloud, data security is now the most<br />
significant concern for cloud-driven<br />
organisations, a concern that is amplified<br />
by frequently reported data loss events and<br />
ransomware attacks. In order to successfully<br />
defend a cloud estate there are some vital<br />
steps that, if implemented well, will prepare<br />
an organisation for all eventualities.<br />
INSIDER RISK<br />
We often consider external threats as the<br />
most dangerous for cloud held data, but<br />
cloud security risks most often start inside<br />
the organisation. The weakest link in the IT<br />
security chain is the user. A simple,<br />
unsuspecting click can download an email<br />
attachment infected with malware or send<br />
confidential information into the hands of<br />
criminals. Other user errors take the form of<br />
'leaky cloud buckets', where data becomes<br />
exposed due to configuration mistakes<br />
made when defining object storage buckets<br />
on AWS, Azure, or other cloud providers.<br />
Vulnerabilities also occur when shared<br />
services offered by cloud solutions fail to<br />
provide the necessary security between<br />
edge clients and the cloud. And, while not<br />
pleasant to consider, there is also the<br />
malicious insider or departing employee<br />
with a grudge, intent on inflicting harm on<br />
the organisation.<br />
THE SECURE CHAIN<br />
For modern cloud-driven enterprise<br />
environments, end-to-end security is<br />
essential to defend against these<br />
weaknesses. Data must be protected at the<br />
edge (where it is created), in transit (over<br />
the network), and in the cloud (where it is<br />
stored). Considering the following advice<br />
will help an organisation to assess the<br />
security of its cloud infrastructure.<br />
PRIVATE AND SECURE<br />
It is best to keep data management and file<br />
services private, always performing them<br />
inside the firewall. This can be on-premise<br />
or with virtual private clouds on public<br />
cloud infrastructure. With this in place,<br />
secure the perimeter by ensuring that all<br />
devices are up to date with the latest<br />
patches and software updates.<br />
Cyber awareness training for employees<br />
will really help to strengthening your<br />
perimeter. In addition, Enterprise Mobility<br />
Management (EMM) tools should be used<br />
to ensure that corporate-provided and<br />
BYOD devices can be used securely and<br />
productively, thereby eliminating shadow<br />
IT. And don't forget that Data Loss<br />
Prevention (DLP) software can monitor<br />
data-access patterns, find deviations and<br />
detect data leakage.<br />
It's essential to make sure that end-to-end<br />
encryption exists, especially when data<br />
moves outside of the firewall. Source-based<br />
encryption will secure data before it leaves<br />
devices, offices and servers. Keys should be<br />
generated and managed internally by<br />
trusted individuals and separate from any<br />
third-party service to ensure total data<br />
privacy. This type of end-to-end encryption<br />
ensures that in the event of a breach the<br />
data is undecipherable.<br />
PERMISSION, BACK-UP AND TEST<br />
An effective system that carefully controls<br />
access permissions is vital. It guarantees that<br />
users are who they say they are and that<br />
they have only the appropriate access to<br />
data required for their role - remember that<br />
this will change. A multi-layer access control<br />
system is the most comprehensive way to<br />
preserve permissions and connect them to<br />
central directory authentication systems.<br />
Creating data recovery points using smart<br />
data control and protection will reduce<br />
recovery point exposure from days to hours<br />
or minutes. An effective solution will store<br />
unlimited versions of files as they are<br />
updated. And don't forget back-up: ensure<br />
that all backed-up data is physically<br />
separated from the main dataset and<br />
resides in a read-only repository.<br />
Lastly, performing regular penetration tests<br />
helps to expose any weak points. This is<br />
highly recommended following<br />
infrastructure changes, where risk can be<br />
inadvertently introduced.<br />
End-to-end security is essential in cloud<br />
deployments, and it is only available to<br />
those that understand the risk and wilfully<br />
take the right steps. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 13
OPINION<br />
CONNECTED CLOUD<br />
THOSE THAT VIEW DATA REGULATION AS A LIMITING FACTOR MAY<br />
HAVE MISSED THE POINT. RICHARD PETLEY, VP OF TECHNOLOGY<br />
AT ORACLE UK & IRELAND DISCUSSES COMPLIA<strong>NC</strong>E AND THE<br />
AWESOME DATA ECONOMY OPPORTUNITY<br />
As far back as 2011, the visionary<br />
Sir Tim Berners-Lee said that data<br />
was the new raw material of the<br />
21st century. Those words now strongly<br />
resonate as the economics of industry<br />
give way to those of insight and<br />
intelligence.<br />
Organisations readily recognise the<br />
value of data as real and justified. Datarich<br />
companies are being bought, not for<br />
what they can do, but for what they<br />
know. As a precious commodity, data is<br />
valuable and tradable, and it must be<br />
carefully appropriately and adequately<br />
protected.<br />
REGULATION: ON THE RISE<br />
Rising regulation is a standard approach<br />
for traditional business assets, which are<br />
carefully audited, recorded and<br />
regulated. Increasingly, a similar<br />
approach to data is taking place, again<br />
confirming its value. As its use increases,<br />
it is becoming subject to much more<br />
stringent control and standards.<br />
More than ever before, governments are<br />
making their presence felt. Rightly or<br />
wrongly, many regulatory authorities take<br />
an active interest in how organisations<br />
approach their digital security, especially<br />
where it pertains to citizen and consumer<br />
data. Legacy privacy regulations,<br />
originally designed for an analogue<br />
world, are being rapidly modernised or<br />
supplanted by new legal frameworks that<br />
are more attuned to our digital world.<br />
EUROPE LEADS<br />
Europe has long proved to be a strong<br />
performer in the realm of data security.<br />
The European Union's General Data<br />
Protection Regulation (GDPR) was among<br />
the first pieces of legislation to enforce the<br />
data rights of citizens and impose heavy<br />
penalties on organisations failing to<br />
comply. And yet, since the regulation came<br />
into effect, there has only been more<br />
change and progress.<br />
While GDPR's introduction hasn't<br />
produced the wave of fines many had<br />
expected, the regulation certainly has<br />
teeth. Local authorities have grown bolder<br />
in exercising the powers granted them<br />
under the regulation. This year in the UK,<br />
the ICO announced fines of nearly £300<br />
million against British Airways and the<br />
Marriott hotel group for breaching the<br />
data protection law.<br />
In holding organisations responsible for<br />
the customer data they keep, GDPR<br />
heightens the importance of a robust<br />
security posture. This is increasingly<br />
important as the threat from cyber-attack<br />
increases; at the beginning of April,<br />
Deutsche Telekom had recorded 46 million<br />
individual attacks on its digital traps,<br />
marking a new record for the continent.<br />
European organisations are responding<br />
however. The adoption of innovative new<br />
technologies, such as the Internet of Things<br />
(IoT) is driving a corresponding uptick in<br />
the number of European companies<br />
moving towards security solutions that<br />
positively impact the region's cybersecurity<br />
resilience. As a result, the European<br />
cybersecurity market is expected to grow to<br />
40 billion euros by the end of 2023.<br />
DATA ECONOMY: OPPORTUNITY<br />
GDPR and other similar regulations show<br />
the extent to which the data economy has<br />
evolved. It is a timely piece of regulation<br />
and acknowledges that data is moving<br />
faster, further and more freely than ever<br />
before. Data provides the ability to gain<br />
insight and it is this that businesses must<br />
now capitalise upon.<br />
This opportunity is also being opened up<br />
by the greater maturity and sophistication<br />
of cloud at the infrastructure, platform and<br />
software levels. The ability to collate and<br />
analyse data at incredible volumes and<br />
speed has been fuelled by the<br />
pervasiveness of cloud technology and its<br />
ability to connect once disparate systems,<br />
processes and data silos using common,<br />
secure platforms.<br />
It is no coincidence the value of data has<br />
risen exponentially with the wider end-toend<br />
adoption of cloud technologies. If<br />
data is the raw material that will drive the<br />
businesses and innovations of the future,<br />
then a connected cloud is the means of<br />
extracting and fully exploring the potential<br />
and true value of this raw material. <strong>NC</strong><br />
14 NETWORKcomputing NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
FEATURESECURITY MANAGEMENT<br />
SECURITY & MANAGEMENT: NET EFFECT<br />
THERE IS NO SHORTAGE OF NETWORK DATA TO SECURE AND<br />
MANAGE NETWORKS. BUT, AS JAMES BARRETT OF ENDACE<br />
DEMONSTRATES, ACCESSING USEFUL NETWORK DATA AT THE<br />
RIGHT TIME HAS TRADITIONALLY BEEN A CHALLENGE<br />
The fundamental prerequisite for<br />
successfully protecting networks and<br />
applications against cyber-attacks and<br />
performance problems is sufficient visibility<br />
of all network activity. However, despite<br />
deploying numerous security and<br />
performance monitoring tools and collecting<br />
data from multiple sources, organisations<br />
seem to lack this network visibility, and<br />
consequently, the agility to respond to<br />
network security threats and performance<br />
problems in near real-time.<br />
Some recent research we carried out found<br />
that 90 per cent of the large enterprises<br />
surveyed reported 'insufficient visibility into<br />
network activity to be certain about what is<br />
happening' and 88 per cent were concerned<br />
about their ability to 'resolve security and<br />
performance problems quickly and<br />
accurately'.<br />
VISIBILITY AND AGILITY<br />
Unsurprisingly, SecOps and NetOps are<br />
overwhelmed by the volume of collected<br />
data. Often the data exists in silos and lacks<br />
useful context, meaning that organisations<br />
don't have the definitive evidence they need<br />
to be certain about events. As a result,<br />
investigations are slow, resource-intensive<br />
and often inconclusive, as analysts struggle<br />
to assemble a clear picture of events, using<br />
multiple and disparate data sources.<br />
To address this it's essential to ensure that<br />
the right data is being collected, and then to<br />
integrate it all into actionable information.<br />
Network metadata provides good visibility<br />
into real-time network activity while also<br />
providing insight into trends. Its compactness<br />
means that it's possible to store months or<br />
years of history, which is ideal for analysis<br />
THE FULL PACKET<br />
While metadata is incredibly useful it clearly<br />
doesn't contain the packet payload data that<br />
SecOps and NetOps need as definitive<br />
forensic evidence. Here, organisations will<br />
require full packet data.<br />
Collecting both forms offers NetOps and<br />
SecOps the information they need to quickly<br />
investigate threats and performance<br />
problems, coupled where necessary with the<br />
ability to drill into definitive packet-level<br />
evidence to see exactly what happened,<br />
allowing them to refine their response.<br />
ARCHITECTING SECURITY AND<br />
PERFORMA<strong>NC</strong>E<br />
As well as a lack of visibility, organisations<br />
reported other issues. 88 per cent struggle to<br />
'deploy new capabilities at the rate the<br />
business or IT requires' and 80 per cent don't<br />
have 'enough of the right tools in the right<br />
places' with 73 per cent lacking flexibility,<br />
'forced to keep obsolete tools, locked into<br />
specific vendors or can't choose best-ofbreed<br />
solutions'.<br />
Underlying these issues is the fact that<br />
deploying network security and performance<br />
monitoring solutions often requires<br />
deploying hardware-based appliances.<br />
These appliances are expensive, slow to<br />
deploy, costly to maintain and difficult to<br />
change out.<br />
As a result, budgets are consumed by costly<br />
CAPEX investment, leaving SecOps and<br />
NetOps with insufficient budget to deploy<br />
enough network tools in enough places to<br />
avoid blind spots. And once solutions are<br />
deployed, they often remain in place well<br />
after becoming obsolete, as changing them<br />
out is too expensive and difficult.<br />
Solving this means adopting a new<br />
approach to the way network security and<br />
performance solutions are delivered.<br />
Virtualising the enterprise data centre<br />
resulted in massive economies of scale, costsavings,<br />
flexibility and agility for IT<br />
operations. A similar approach is required<br />
for the network.<br />
VIRTUALISATION BENEFITS<br />
As network security, network monitoring, and<br />
application monitoring vendors increasingly<br />
offer software versions of their solutions,<br />
virtualising network monitoring has rapidly<br />
become an achievable objective.<br />
Deploying an underlying hardware<br />
architecture that can perform all the<br />
necessary common network functions allows<br />
security and performance analytics as well<br />
as SecOps and NetOps teams to share the<br />
same hardware infrastructure.<br />
Virtualising network security and<br />
performance monitoring functionality offers<br />
the same benefits for NetOps and SecOps<br />
as data centre virtualisation delivered for IT<br />
teams. These include reduced cost, hugely<br />
improved flexibility and agility, combined<br />
with the ability to change functionality easily<br />
in the future as the network grows and the<br />
threat landscape evolves, thereby making<br />
network blind spots a thing of the past. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 15
FEATURETHE IT OUTAGE<br />
SYSTEM DOWN<br />
ARE WE MORE OR LESS<br />
TOLERANT CO<strong>NC</strong>ERNING<br />
SYSTEM DOWNTIME? PETER<br />
GROUCUTT, MANAGING<br />
DIRECTOR AT DATABARRACKS<br />
PROVIDES SOME ANALYSIS<br />
It's hard to know if downtime has suddenly<br />
become more common or if we just hear<br />
about it more. In business continuity and<br />
risk management we talk about likelihood<br />
and impact, and they are two of the critical<br />
components to be considered.<br />
When you create a Risk Register, you<br />
assign a score to your own perceived<br />
risks and this helps to define what needs<br />
to be addressed first: it sets priorities.<br />
However, we need to understand if<br />
generally outages are becoming more<br />
likely, or whether it is an increase in their<br />
impact that is pushing IT outages into the<br />
headlines. I think it is probably a<br />
combination of both.<br />
TECH DEPENDE<strong>NC</strong>Y<br />
The impact of IT downtime has increased<br />
as businesses have progressed through<br />
their digital transformation initiatives. In<br />
the past, if IT systems went offline, staff<br />
could do other work. Now IT is so central<br />
to operations that there are fewer manual<br />
processes for them to revert to.<br />
IT downtime is also more visible, and in<br />
this respect, the expectation of customers<br />
has changed dramatically. The outages<br />
themselves haven't necessarily changed<br />
but the perception certainly has. Even a<br />
brief outage now draws complaints,<br />
criticism and social media attention.<br />
DOWNTIME AND CYBER THREATS<br />
For over ten years we have carried out an<br />
annual survey to track the causes of data<br />
loss and IT downtime. Hardware failure and<br />
human error top the list each year as the<br />
most common causes of downtime, but there<br />
is no trend to suggest this is either improving<br />
or getting worse. The one factor that has<br />
shown an increase as a cause of both data<br />
loss and downtime is the cyber threat.<br />
The response to non-cyber issues is<br />
simply to recover using your most recent<br />
backup. It's rarely as easy for cyber issues<br />
though, and ransomware for instance may<br />
be present in your backups. Recovering<br />
from ransomware therefore requires you to<br />
carry out several historical recoveries to<br />
find the most recent clean backup. Other<br />
cyber-attacks might force you to take<br />
systems offline to prevent the spread of<br />
malware, minimise exposure and prevent<br />
further hacks. In each case these extra<br />
steps take time and extend that difficult<br />
period of IT downtime.<br />
REDUCE IT OUTAGE<br />
Review your response strategy: outright<br />
prevention of a cyber-attack is impossible,<br />
but the focus should be on how the<br />
organisation acts if compromised. Your<br />
Incident Response Team (IRT) must have the<br />
authority to make large-scale operational<br />
decisions to take systems offline to limit the<br />
spread of infection. Once the threat has<br />
been isolated and contained, you must<br />
establish when the initial attack occurred to<br />
be able to restore using clean data.<br />
Crisis communications plan: Good<br />
recovery isn't just about technology; it's<br />
also about managing the situation. For<br />
example, Norsk Hydro recently suffered a<br />
ransomware attack providing us all with a<br />
masterclass in crisis communications with<br />
regular, honest and transparent updates.<br />
We can learn a lot from this.<br />
Assess cloud risks: We should recognise<br />
that our IT is actually far more resilient<br />
than it was 10 or 15 years ago, with entire<br />
IT estates hosted from a single server room<br />
or data centre. Most organisations now<br />
operate a hybrid cloud to some extent. This<br />
could include AWS and Azure or might just<br />
be a few tactical SaaS applications that<br />
reduces risk. An incident is unlikely to<br />
affect disparate IT.<br />
However, disparate IT makes protecting<br />
data more difficult, residing as it does in<br />
multiple locations. Protecting cloud data<br />
needs a different approach, and It's best<br />
not to rely entirely on in-built data<br />
protection options. Make your own backups<br />
of cloud data and store them separately<br />
from the production environment to another<br />
cloud or in your data centre. <strong>NC</strong><br />
16 NETWORKcomputing NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
OPINION<br />
TOMORROW'S ISV<br />
THE IT AND NETWORKING SUPPLY<br />
CHAIN NEEDS TO CHANGE.<br />
SCOTT MURPHY, DIRECTOR OF<br />
CLOUD AND ADVA<strong>NC</strong>ED<br />
SOLUTIONS AT INGRAM MICRO<br />
BELIEVES THAT INDEPENDENT<br />
SERVICE VENDORS MUST EVOLVE<br />
TO SURVIVE<br />
It seems to me that everyone wants a<br />
piece of the technology landscape. Not<br />
only is it becoming more crowded, but<br />
those within the space are becoming savvier<br />
and more competitive.<br />
Mergers and acquisitions are adding an<br />
additional layer of complexity, with small to<br />
medium sized businesses (SMBs) being<br />
acquired to complement existing product<br />
offerings. Start-ups are popping up across<br />
the board, offering specialised software<br />
development that addresses itself to diverse<br />
and niche business challenges.. For<br />
independent software vendors (ISVs), being<br />
heard above the noise and frenzy has never<br />
been more difficult.<br />
To stand out, providers need to be willing<br />
to step back and evaluate how they are<br />
approaching their offer, adapt to the needs<br />
of the channel, and think far into the future.<br />
MARKET DETERMINED<br />
Disruption is playing a big part in everything<br />
from the technology being used to the<br />
demands of the end-users and how their<br />
services are being delivered. This means that<br />
organisations need software solutions that not<br />
only help them today, but which can keep<br />
pace with what the future market requires.<br />
To do this, ISVs need to be actively looking<br />
beyond their existing selling points,<br />
engaging with customers and adapting to<br />
their changing needs. Essentially, an ISVs<br />
offering should be determined by the<br />
market and not the other way around.<br />
Looking beyond the product also means<br />
supporting customers once it's in place and<br />
operational. Fast and consistent technical<br />
support, the offer of training where needed<br />
and a generally smooth customer experience<br />
can help to deliver significant benefits to the<br />
customer. It will also allow ISVs to stand out<br />
from the crowd.<br />
When facing challenges with a go-tomarket<br />
strategy, the cloud service provider<br />
is best placed to support and enable the<br />
right opportunities for ISVs to grow in the<br />
channel. Fast track programmes ensure that<br />
ISVs are swiftly onboarded with tailored<br />
business enablement.<br />
MAKING THE MOST OF IT<br />
Embracing the channel and the opportunities<br />
it offers for ISVs can be daunting as changes<br />
are often required, both operationally and<br />
philosophically. Most importantly, ISVs need<br />
to embrace a channel-first mentality and<br />
make the most of it. It can often be easier to<br />
try to retrofit processes and systems to meet<br />
the needs of the channel, but instead<br />
organisations need to ensure they are<br />
meeting the channel's needs first.<br />
The choice of collaborative tools is another<br />
consideration, and having alternative<br />
relationship management or email<br />
marketing platforms in place will help to<br />
promote joint campaigns with external<br />
partners. Ultimately, it's about playing nice<br />
and seeing your business as one piece in the<br />
puzzle, rather than operating in glorious<br />
isolation. This is not something that will<br />
happen overnight, but with the right<br />
commitment across the organisation,<br />
including explaining to sales teams how it<br />
will help and working with marketing to<br />
evaluate messaging, it can be a real<br />
differentiator for ISVs.<br />
BUILDING FOR TOMORROW<br />
The software world is evolving at a<br />
breakneck pace, with as-a-service offerings<br />
changing what can be achieved and<br />
expected on smaller budgets. It can be easy<br />
to focus on the next 12 months, ensuring<br />
that you are leading today, but ignoring<br />
longer-term trends will negatively impact the<br />
future of your business.<br />
Keeping the channel and end customers<br />
happy has never been easy, and with the<br />
number of new vendors and service offerings<br />
it's harder than ever to stand out. Success<br />
depends on truly making the effort to<br />
understand what people want, then having<br />
the confidence to adapt your product and<br />
strategy to meet it.<br />
ISVs should not feel on their own though<br />
when trying to tackle these challenges.<br />
Working with a strategic partner can help<br />
them take a step back and evaluate exactly<br />
what they need to do to succeed. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 17
OPINION<br />
THE SMALL APPROACH TO BIG<br />
EVERYONE IS TALKING ABOUT MICROSERVICES AND THEIR<br />
IMPRESSIVE OPERATIONAL BENEFITS. PAUL DURZAN, SENIOR VP<br />
OF PRODUCT MANAGEMENT AT ENSONO DISCUSSES THIS FAST-<br />
GROWING ARCHITECTURAL STYLE<br />
With the high-velocity of everincreasing<br />
customer expectations,<br />
technology is a strategic<br />
advantage, helping organisations to move<br />
fast, innovate and beat the competition.<br />
Microservices has become an important<br />
component, and research shows it's now the<br />
dominant software development system,<br />
with 76 per cent of respondents considering<br />
microservices to be a high or critical<br />
priority. And yet it seems that far fewer have<br />
it on their agenda…<br />
THE MICRO APPROACH<br />
Microservices is a software development<br />
technique and is in juxtaposition to the old<br />
monolithic approach where applications<br />
were often segmented into three parts: a<br />
client-side user-interface, a database, and a<br />
server-side application. In this monolithic<br />
structure, customers came through the userinterface.<br />
The server-side application would<br />
handle the requests and would execute<br />
logic, all depending on the database.<br />
Placing all functionality into a single<br />
process wasn't a bad way of working, but it<br />
had drawbacks. Since application layers<br />
were glued tightly together, updating and<br />
changing architecture was fraught with<br />
difficulty. For example, the whole<br />
application would have to be redeployed<br />
even for a very small update, and whatever<br />
was written was not easily usable by other<br />
applications. Finally, because all parts were<br />
dependent on each other, changes had to<br />
be extensively tested. All this meant<br />
application releases were slow and<br />
infrequent, often annual.<br />
SMALL, LOOSELY COUPLED<br />
Microservices addresses this by breaking up<br />
applications into smaller, loosely coupled<br />
and independently deployable services.<br />
These suites of small services are each<br />
designed around different, very specific<br />
capabilities. They can be scaled and<br />
replicated as needed in other applications,<br />
and they can be updated independently of<br />
other parts of the application<br />
Deployed correctly, microservices offer<br />
significant agility and flexibility when<br />
developing and changing applications.<br />
Forrester research shows that many<br />
organisations struggle with lengthy<br />
deployment cycles and are not meeting their<br />
delivery dates. Unlike monolithic<br />
applications microservices can, if needed,<br />
be updated multiple times daily.<br />
IMPLEMENTING MICROSERVICES<br />
To implement successfully it is best to avoid<br />
mixing microservices with monolith<br />
architecture. The microservices approach is<br />
successful because applications are loosely<br />
coupled and can be redeployed and<br />
replicated easily, so don't lose sight of this.<br />
Let each service perform its function and<br />
develop each service to fulfil that function<br />
exceptionally well. Don't create strong<br />
dependencies and don't add unnecessary<br />
complexity to services that are performing<br />
well. Most importantly, don't start with a<br />
monolith and then expect to be able to<br />
easily carve it up later on.<br />
Efficient planning will be rewarded and<br />
optimise development: you will need to start<br />
by building a microservices oriented<br />
development platform. Establishing how to<br />
appropriately deploy, secure, and update<br />
services before committing to the initial<br />
development cycle is equally important. It<br />
will prevent problems and complexity<br />
accumulating and causing late development<br />
cycles. Managing everything well requires<br />
careful attention. Microservices can make<br />
testing and debugging more difficult, so a<br />
centralised logging and monitoring system<br />
that developers can easily check and refer to<br />
is essential.<br />
For maximum advantage I would<br />
recommend combining microservices with<br />
CI and CD. Continuous integration and<br />
continuous delivery complement<br />
microservices architectures and allow<br />
services to scale efficiently.<br />
Microservices architecture provides a level<br />
of flexibility in terms of picking the best<br />
language for the task at hand, but there will<br />
also be niche compatibility and performance<br />
issues to consider, so be conscious of any<br />
language constraints and think ahead.<br />
Organising the team will require some<br />
thought as well, and creating smaller teams<br />
that have the skills and competencies to<br />
successfully deliver and maintain the<br />
services they focus on is essential. It<br />
provides developers with a better<br />
understanding of the code they produce and<br />
its operational performance. Deployments<br />
will become seamless as teams work<br />
together to improve the code and the<br />
automation of the release pipeline. <strong>NC</strong><br />
18 NETWORKcomputing NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
TECHNOLOGYUPDATE<br />
MANUFACTURING LINUX CONTAINERS<br />
VIRTUALISED OPERATING SYSTEMS ARE GAINING<br />
GROUND AND SOLVING REAL-WORLD IT<br />
PROBLEMS. FLORIAN FROSCHERMEIER, TECHNICAL<br />
SALES MANAGER AT INSYS, EXPLAINS HOW<br />
MANUFACTURERS ARE USING LINUX CONTAINERS<br />
TO TRANSFORM THEIR APPLICATIONS<br />
Linux containers have become the<br />
chief method across manufacturing<br />
applications for providing small, selfcontained<br />
programs that add extra<br />
functionality to hardware. And now, with<br />
the advent of Internet of Things (IoT)<br />
gateways, such applications are set to<br />
multiply.<br />
To be clear, Linux containers (LXC) are<br />
an operating system (OS) level<br />
virtualisation method that allows for<br />
multiple isolated Linux systems to run on<br />
the single Linux kernel of a control host.<br />
This means that these programs are<br />
isolated in individual user-spaces and<br />
operate directly at the OS level. As the<br />
containers are self-contained, lightweight<br />
and hold very few components, they can<br />
be a powerful tool for adding<br />
applications to a system without worrying<br />
about any dependency errors.<br />
THE GATEWAY PORT<br />
Developers can use containers to<br />
package an application with the<br />
libraries, dependencies and other files<br />
that it needs to operate, without the host<br />
needing to install any extra assets. As<br />
the programs are self-contained, they<br />
can be ported to different Linux<br />
environments regardless of<br />
configuration, which allows developers<br />
to work any place and any time.<br />
IoT gateways are becoming increasingly<br />
vital for manufacturers that are<br />
embracing IoT systems. Smart IoT<br />
gateways are the converters that marry IT<br />
and OT systems without confusing the<br />
two. They are multi-platform devices that<br />
receive the output from OT devices and<br />
seamlessly connect this information to<br />
cloud, SCADA and remote access<br />
systems.<br />
GATED DATA<br />
For example, a business may have a<br />
third-party maintenance team for<br />
machinery, for which industrial data is<br />
being recorded. In this case, a smart IoT<br />
gateway can process the data before it is<br />
sent, to ensure that only maintenance<br />
data is sent to the third-party, regardless<br />
of whether their system is hosted on<br />
cloud or the data is being accessed by<br />
VPN or a SCADA system.<br />
A smart IoT gateway must be able to<br />
collect, provide and process data,<br />
monitor machines and run control tasks<br />
on the edge for both new and legacy<br />
machines. For these reasons, IoT<br />
gateways are the perfect place to use<br />
Linux containers to enhance data<br />
management and control systems.<br />
By ensuring smart IoT gateways have<br />
systems that can run LXC programs, endusers<br />
are able to generate bespoke<br />
applications to modify gateways to<br />
ensure that the functionality they need is<br />
available. By having bespoke<br />
applications, organisations can easily<br />
keep the edge application permanently<br />
up to date with the IoT backend.<br />
PROTECT THE IP<br />
They are also proving especially popular<br />
with small enterprise applications that are<br />
beginning to implement digitalisation, as<br />
well as remote installations that require<br />
high levels of automation to maintain or<br />
reduce costs. It also means that businesses<br />
are able to maintain IP rights over the<br />
applications they generate.<br />
For example, Swiss STEBATEC AG<br />
provides its customers with the latest plant<br />
technology for precise flow measurement<br />
and optimum sewerage control. However,<br />
its system relied on a 2G system that was<br />
about to be shut down. By using a smart<br />
gateway it was able to install LXC's that<br />
allowed the system to send meter data in<br />
.csv formats and implement an alarm<br />
system that could communicate faults by<br />
SMS, email and Modbus.<br />
This allowed the analytics provider to<br />
ensure data collection in a widely used<br />
format and consolidate systems and<br />
reduce costs for both themselves and their<br />
customers. Installing smart IoT gateways is<br />
the next step for businesses using IoT to<br />
gain an edge in the current market.<br />
Using these news tools in tandem with<br />
container software such as LXCs is proving<br />
to be an incredibly strong and versatile tool<br />
for developers and end-users. They have<br />
the potential to extend the use of legacy<br />
systems and give old pieces of technology<br />
new functions. Their use provides a<br />
gateway to continuous development. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 19
OPINION<br />
GDPR SO FAR<br />
IT'S BEEN OVER A YEAR NOW<br />
AND, FOR BETTER OR WORSE,<br />
WE ARE STUCK WITH GDPR. BUT<br />
HOW HAS IT REALLY<br />
PERFORMED? TODD PETERSON,<br />
IAM EVANGELIST AT ONE<br />
IDENTITY OFFERS SOME<br />
INSIGHT AND CONTEXT TO<br />
THIS THORNY QUESTION<br />
Recently we asked over three hundred<br />
people their opinions of some<br />
cybersecurity topics, including GDPR.<br />
With Infosecurity Europe taking place just<br />
over a year after the implementation of GDPR<br />
it represented the perfect setting to get the<br />
point of view. Nearly one-third of respondents<br />
have found GDPR ineffective, adding that the<br />
number of data breaches has increased since<br />
the regulation was introduced in May 2018.<br />
Their answers made me question whether<br />
GDPR is working, has made things worse, or<br />
has actually proved to be irrelevant. The truth<br />
may be a little of each.<br />
MISPLACED PREVENTION<br />
The fundamental problem with GDPR isn't in<br />
the regulation itself, its requirements or the<br />
penalties it boasts, it is though one of<br />
perception. GDPR is meant to protect EU<br />
citizens' personal information from unwanted<br />
sharing, distribution or use. As such, every<br />
aspect of GDPR is centred on holding<br />
organisations accountable for how they<br />
collect store and use data. Security is a part<br />
of that mandate but it is not the purpose of<br />
the mandate. So, at the end of the day, it<br />
would appear that GDPR is a failure when it<br />
comes to preventing breaches - but that's not<br />
what it was designed for.<br />
Therefore, if someone's preconceived notion<br />
of GDPR is focused on breach prevention<br />
they will be disappointed regarding its<br />
effectiveness. However, if the focus is on<br />
protecting personal data, enforcing<br />
accountability and protocol on the part of<br />
organisations and seriously punishing those<br />
that disregard it, then the only conclusion that<br />
can be made is that GDPR has been a<br />
resounding success. Most organisations now<br />
have entire programmes in place to ensure<br />
that their activities are GDPR compliant.<br />
Often those efforts focus on security to help<br />
achieve compliance.<br />
DRIVING COMPLIA<strong>NC</strong>E<br />
Preventing bad actors from obtaining any<br />
protected data is essential to upholding<br />
compliance. However, GDPR provides very<br />
little guidance on exactly what security<br />
measures should be implemented. Instead,<br />
the responsibility lies with each organisation<br />
and the measures they choose to take.<br />
Consequently, some great security practices<br />
may not necessarily be GDPR compliant. For<br />
example, user awareness isn't specifically<br />
identified as a requirement for compliance,<br />
but it is a worthwhile exercise from a<br />
business risk perspective. Conversely, some<br />
GDPR compliant efforts may not help security<br />
best practice.<br />
OVERSIGHT DRIVEN<br />
At the fundamental level, if GDPR has raised<br />
awareness and motivated action around<br />
security, even if that isn't its primary purpose,<br />
then it has done at least some of its job.<br />
Remember, GDPR was never meant to protect<br />
the data against hacks, and the feeling that<br />
data breaches have increased in number and<br />
size since its introduction is partly due to the<br />
fact that many data leaks that would<br />
otherwise go unnoticed, must now be<br />
reported to a regulatory body with strong<br />
oversight. At the very least it has made<br />
organisations accountable and brought the<br />
security of personal data to the fore with<br />
management, whose main priorities have,<br />
typically, been the bottom line.<br />
With data protection receiving so much<br />
attention in the last eighteen months, some<br />
organisations may have scrambled to buy<br />
and struggled to implement the latest and<br />
greatest technology. However, the basics of<br />
security, ensuring that the right people have<br />
the right access to the right resources -<br />
particularly regarding privileged access -<br />
including personal data, in a controlled and<br />
structure way, have not changed. That said,<br />
an organisation must be able to prove that<br />
all of this is in place through proper data<br />
and information governance, and that it can<br />
and will satisfy almost all security<br />
requirements, including those misperceived<br />
requirements of GDPR.<br />
To conclude, GDPR only failed if you tried to<br />
force a privacy round peg into the security<br />
square hole. <strong>NC</strong><br />
20 NETWORKcomputing NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
PRODUCTREVIEW<br />
R&S Cloud Protector<br />
from Rohde &<br />
Schwarz<br />
Cybersecurity<br />
PRODUCT REVIEW<br />
PRODUCT<br />
REVIEWPRODUCT RE<br />
The case for website and web application<br />
protection is well established, but it's time<br />
for review. Rapid cloud adoption means<br />
that most organisations rely on web-based<br />
applications for mission critical services, while<br />
all the time malevolent actors evolve their<br />
capability. In addition mounting legislation<br />
promises significant penalties when data is lost<br />
or compromised. Setting up a Web<br />
Application Firewall (WAF) on-premise and<br />
leaving it to do its work is inadequate.<br />
Organisations need to engage and refresh<br />
their posture.<br />
The cloud-based R&S Cloud Protector<br />
service from Rohde & Schwarz Cybersecurity<br />
eliminates hardware and improves access<br />
and performance. The cloud-native WAF asa-service<br />
will liberate customers to focus on<br />
their business.<br />
Licensing is premised on the amount of data<br />
handled, starting at 20 megabytes per second.<br />
This can be monitored from the Dashboard,<br />
where you can select the most appropriate<br />
band. Data peaks will not incur extra costs.<br />
Setup is quick and a DNS forward establishes<br />
a credible layer of default protection and APIs<br />
can quickly set up large numbers of URLs. The<br />
Portal opens with Dashboard, Performance,<br />
Security, Account, Settings and Alerts: each<br />
has a rich drop-down list to intuitively<br />
navigate. Next we selected a security level<br />
from Standard, Advanced and High. This<br />
essentially balances security, performance and<br />
false positives. R&S Cloud Protector can run in<br />
one of three modes: Report and do not block,<br />
a learning mode, is a good place to start.<br />
Report and block applies the system measures<br />
and Report and block with bypass allows<br />
human intervention.<br />
These modes cannot be customised, but they<br />
can be augmented with rules applied and<br />
removed as required. This form of tuning<br />
could for example block all traffic from<br />
specified domains or even countries. Bot<br />
detection is covered to prevent brute force<br />
attacks by setting the HTTP request rate to a<br />
human level. In fact, IP Address Reputations<br />
allow granular defence of the risks associated<br />
with domains, including scanners, DoS,<br />
phishing and Windows attacks.<br />
R&S Cloud Protector holds data within the EU<br />
in Paris and Frankfurt. Rohde & Schwarz<br />
Cybersecurity have put a lot of thought into<br />
taking this WAF beyond the stereotype.<br />
Seemingly counterintuitively, it actually<br />
accelerates application performance by<br />
caching frequently used web pages on the<br />
WAF to relieve WEB servers. Non EU visitors<br />
also benefit through the Content Delivery<br />
Network without compromising data<br />
sovereignty or performance.<br />
R&S Cloud Protector offers a wide range of<br />
automated reporting options and business<br />
units can monitor KPIs and receive automatic<br />
alerts. Configuration and management tasks<br />
can be distributed across a team.<br />
With such an extensive threat landscape and<br />
constant demand for web application<br />
performance and availability, the additional<br />
services from Rohde & Schwarz Cybersecurity<br />
will be popular in web application-centric<br />
environments. Some may use this just for initial<br />
setup, while others will happily delegate this<br />
critical task to specialists.<br />
R&S Cloud Protector relies on a range of<br />
external resources including OWASP threat<br />
modelling to establish a unique threat profile<br />
that works with all other measures. For<br />
example, Web Scraping is not a recognised<br />
OWASP threat but using configuration it can<br />
be blocked.<br />
Web applications require a specialist firewall<br />
to protect their services and the organisation<br />
from attack and regulation breach. This<br />
European cloud-based service provides a<br />
compelling option that delivers what is<br />
required with a few simple steps. To support<br />
growth and dynamic change, as well as more<br />
complex and larger web estates, the option of<br />
a management service is an advantage. Either<br />
way, R&S Cloud Protector will bring cost of<br />
ownership down and push defence up. The<br />
scalability and pricing of R&S Cloud Protector<br />
means that the best is no longer the exclusive<br />
preserve of the enterprise. <strong>NC</strong><br />
Product: R&S Cloud Protector<br />
Supplier: Rohde & Schwarz Cybersecurity<br />
Web site: www.cloudprotector.com<br />
Email: cybersecurity@rohde-schwarz.com<br />
Telephone: +44 (0) 1252 818835<br />
Price: Starting at €199 per month per site<br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 21
OPINION<br />
DATA AS CURRE<strong>NC</strong>Y<br />
THE AGE OF ZERO TRUST SEEMS TO BE ESTABLISHING A<br />
FOOTHOLD. RICHARD AGNEW, VP EMEA AT CODE42 DISCUSSES<br />
WHAT THIS MEANS FOR DATA LOSS PROTECTION<br />
Data is the currency of business,<br />
making its protection crucial.<br />
Safeguarding information effectively<br />
has been a focus of data security for as<br />
long as PCs and the internet have existed,<br />
but traditional data loss prevention (DLP)<br />
solutions have fallen short, especially<br />
concerning the insider threat.<br />
The data protection challenge is becoming<br />
more complex as organisations mitigate<br />
insider threat using Zero Trust strategies. A<br />
recent study by Forrester illustrates how<br />
traditional DLP solutions are ill equipped to<br />
function in a Zero Trust architecture, which<br />
uses the principle of trust no one and verify<br />
everything. Legacy DLP tools that are<br />
questionably effective in a best-case<br />
scenario are simply unable to deliver in a<br />
more dynamic mobile and cloud<br />
environment where insider threats lurk.<br />
TRADITIONAL DLP STRUGGLES<br />
Most organisations understand that<br />
protecting data is imperative.<br />
Unfortunately, the traditional approach to<br />
securing data, attempting to prevent<br />
breaches through blocks, perimeters and<br />
classification requirements is cumbersome,<br />
and has a variety of flaws that impede<br />
innovation and slow down productivity.<br />
The Forrester study reports that nearly 90<br />
per cent of those surveyed are investing, or<br />
plan to invest in DLP as part of their Zero<br />
Trust initiative. Unfortunately, two-thirds<br />
also said that their legacy DLP solutions<br />
frequently block employees from accessing<br />
the data that they should legitimately have<br />
access to.<br />
ADDRESS THE INSIDER THREAT<br />
Employees, at all levels, often take sensitive<br />
information and intellectual property with<br />
them when they leave the company. One<br />
study found that 60 per cent of employees<br />
leaving a company, whether it's their choice<br />
or not, admit to taking company data with<br />
them, and 70 per cent of IP theft happens<br />
in the month before an employee tenders<br />
their resignation.<br />
Our own recent research found that even<br />
though traditional DLP solutions are<br />
widespread, they are not proving effective<br />
in protecting data from insider threats.<br />
Organisations are beginning to realise that<br />
prevention strategies alone don't work, but<br />
they have not yet evolved their approach to<br />
deal with the challenge of the growing<br />
insider threat. IT managers are expected to<br />
protect valuable data, but they don't have<br />
the necessary visibility beyond employee<br />
endpoints and into cloud applications to<br />
do it effectively.<br />
ZERO TRUST PROTECTION<br />
To better protect data, start by developing<br />
a data theft policy and ensure employees<br />
understand it. Many knowledge workers<br />
mistakenly feel entitled to the data they<br />
create and manage. Companies must<br />
educate employees about their data policy<br />
and stress that sensitive data is intellectual<br />
property and it belongs to the company.<br />
Next, identify indicators of compromise for<br />
insider data theft. Security teams should also<br />
have specific protocols designed to detect<br />
access or transfer of data that has higher<br />
intellectual property value for the company.<br />
Organisations also need to build a data<br />
time machine. By the time you're aware the<br />
employee is an increased threat for data<br />
theft, the data is already gone. Companies<br />
need to have tools in place that enable<br />
security teams to evaluate their activity<br />
going back for months to identify potential<br />
data theft. If suspicious file movement is<br />
detected, it should be referred to HR and<br />
legal to formulate a response.<br />
Finally, the data loss protection solution<br />
must have the agility and scalability to<br />
function in a complex, hybrid-cloud<br />
environment without hindering innovation<br />
or productivity or preventing legitimate<br />
access to information. The Zero Trust<br />
philosophy makes sense, but your DLP<br />
needs to be able to protect data effectively<br />
in a trust no one, verify everything<br />
architecture.<br />
Nothing eliminates risk entirely. However,<br />
putting into place some proven best<br />
practices can greatly reduce the danger of<br />
the trusted insider and help organisations<br />
to effectively manage their data loss<br />
protection in an age of Zero Trust. <strong>NC</strong><br />
22 NETWORKcomputing NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
OPINION<br />
BREAKING THE IT VENDOR MONOPOLY<br />
IS THE STAID TECH SECTOR FRAGMENTING? RONAK SHAH, AN ELECTRONICS AND<br />
COMMUNICATION ENGINEERING GRADUATE AT FACT.MR, OUTLINES THE DAWN OF AN ALTERED,<br />
EMERGING MULTI-VENDOR IT REALITY<br />
Technology engenders digitalisation,<br />
paving the way for globalisation. In turn<br />
sectors including finance, healthcare,<br />
energy, automotive, manufacturing and food,<br />
jump onto the bandwagon and leverage this<br />
technology, with the quest of performing<br />
better with the consumer using customised<br />
offerings, and squeezing overhead costs with<br />
efficient processes.<br />
All this while, Dell EMC, Cisco Systems, Aruba<br />
Networks, Juniper Systems and other tech<br />
leaders of the same epoch enjoy monopolistic<br />
status in distributing software and network<br />
equipment. However, as soon as the pitch of<br />
voices against the reckless use of consumer<br />
data turns shrill, compliance issues encircling<br />
data privacy protocols gain momentum - and<br />
the restructuring of the IT industry, rather a<br />
disparate one, begins to emerge.<br />
Besides the impact of GDPR, the<br />
channelisation of technology from a taskoriented<br />
use to the exploration of its probable<br />
use in different applications, portends the<br />
arrival of new competitors, all waiting to<br />
capitalise on the industry's high ROI potential.<br />
Research suggests that the enterprise network<br />
equipment market will be worth roughly US$<br />
18 billion globally by 2027.<br />
Though currently concentrated, the attraction<br />
of this business potential with a strong focus on<br />
telecom services, emerging tech, IT and<br />
business services, devices and infrastructure<br />
and software, provides many opportunities for<br />
new entrants to this emerging market, with a<br />
personalised rather than standardised<br />
approach gradually making the landscape<br />
fragmented. The influence of profitability and<br />
data compliance in the IT industry implies that a<br />
shift from a single vendor monopoly to a multivendor<br />
landscape is underway.<br />
A STAKE IN THE OUTCOME<br />
The very basis of a consolidated landscape is to<br />
have a free flow of technology and data across<br />
the globe for organisations, in order to leverage<br />
reciprocal advantage. However, as governments<br />
of numerous regions, especially Europe, are<br />
strengthening their dominance over data<br />
generated within their own regions, IT<br />
stakeholders are hard-pressed to rethink their<br />
business strategies and processes.<br />
The additional cost of sourcing human<br />
resources to match up to a competitor's<br />
development capacity, coupled with the need to<br />
multiply IT infrastructures with region specific<br />
data centres, will become cost-intensive. Security<br />
measures for the protection of localised data<br />
that is split and stored at different locations will<br />
add to the complexity of the infrastructure.<br />
The impact of multiple vendor IT landscape will<br />
also be felt by its customers. Since the<br />
penetration of the data will be narrow, analytics<br />
regarding consumers' sentiments and tracking<br />
systems will be inhibited. However,<br />
fragmentation will bring in local advantage for<br />
stakeholders, which means that they need to<br />
focus on the research and development<br />
activities to foster innovation, while staying<br />
abreast with the protocols that govern the IT<br />
industry in targeted geographies.<br />
DON'T FRAGMENT, ADAPT<br />
Success in the local market is vital to future<br />
growth and that holds true for the booming IT<br />
industry. Fragmentation means that companies<br />
need to urgently address the local needs and<br />
thrive on the back of customised services.<br />
Though standard development of software and<br />
network equipment is far more economical than<br />
a personalised variant given the intensity of<br />
competitors and their scale ranging from small<br />
to large, it is imperative that IT companies<br />
strengthen their foothold in the local markets<br />
and gradually leverage the prowess of mergers,<br />
acquisition and partnerships to strategically<br />
consolidate their market position.<br />
In the near future, where the penetration of<br />
cutting-edge technology will be ubiquitous and<br />
data will become a real business asset,<br />
stringency in data protection laws will become<br />
more common. However, the opportunity to<br />
differentiate product offerings in different markets<br />
combined with a lack of dominant players will<br />
present a chance for small, mid, and large-scale<br />
organisations to shape the industry's evolution<br />
based on their capacities to innovate. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 23
FEATUREDIGITAL TRANSFORMATION<br />
DIGITAL NETWORKING<br />
DIGITAL TRANSFORMATION REQUIRES A NEW<br />
NETWORKING APPROACH. PETE LUMBIS,<br />
TECHNICAL EVANGELIST AT CUMULUS<br />
NETWORKS TALKS ABOUT APPLYING WEB-<br />
SCALE NETWORKING PRI<strong>NC</strong>IPLES TO DIGITAL<br />
TRANSFORMATION<br />
Digital transformation means different<br />
things to different organisations,<br />
including shifting workloads to the<br />
cloud, greater use of data analytics,<br />
improving employee mobility and automating<br />
process. But one thing's for sure, no matter<br />
what your digital transformation strategy<br />
looks like, your network is going to be either<br />
a help or a hindrance to your digital<br />
transformation project.<br />
Understanding the challenges of digital<br />
transformation are essential. These include,<br />
for example, how to implement web-scale<br />
networking principles like disaggregation<br />
and the economy of choice and automation<br />
to make digital transformation possible and<br />
profitable.<br />
NETWORK SCALABILITY<br />
As well as being customised to fit an<br />
organisation's needs, the network must also<br />
be flexible enough to adapt when those<br />
needs change. This is why network scalability<br />
is critical to any digital transformation<br />
project. There are different levels of<br />
scalability and different ways to achieve it.<br />
Whether to scale vertically or horizontally is a<br />
network decision that can ultimately affect<br />
every organisational detail.<br />
The 'bigger is better' mentality in response<br />
to flexibility and performance concerns is<br />
traditional, but in IT terms this means scaling<br />
up or scaling vertically to meet performance<br />
requirements. Whilst a perfectly sensible<br />
solution, it does mean that organisations are<br />
limited to the biggest switch available.<br />
Additionally, when the switch is no longer<br />
big enough it must be replaced, resulting in<br />
downtime.<br />
Alternatively, organisations can combine<br />
multiple smaller switches to achieve the<br />
performance offered by one larger switch. This<br />
is called scaling out, or scaling horizontally.<br />
The advantage is that it's not limited by the<br />
power of a single switch, and as the<br />
organisation's needs grow you can add further<br />
smaller switches to work together and share<br />
the load. As a bonus, scaling out limits the<br />
size of failure domains, so if one small switch<br />
out of dozens fails, the impact is small. If an<br />
organisation has redundant connections, the<br />
impact may be minimal with just a temporary<br />
performance drop.<br />
FREEDOM TO BOOST<br />
Predictably, Gartner says that "the top<br />
networking challenge is improving agility." But<br />
surprisingly their advice is to "shift investments<br />
away from premium networking products<br />
toward existing network personnel." In other<br />
words, the answer to improving a network's<br />
speed and agility is not buying large,<br />
expensive, proprietary switches and premium<br />
automation solutions, but letting the people<br />
who truly know the network decide the best<br />
way to achieve agility.<br />
By using a disaggregated model<br />
organisations can choose the switches that<br />
best suit their requirements, even for specific<br />
services. This makes their infrastructure<br />
completely customisable and agile. By<br />
choosing an open network operating system,<br />
organisations can then select and fully<br />
integrate the applications required to improve<br />
optimisation. The result is a network that is<br />
more affordable to build, more agile to adjust<br />
and easier to expand as business demands<br />
change and grow. It also leaves organisations<br />
with budget to invest in premium engineers to<br />
build innovative infrastructure designs and<br />
truly innovate the network.<br />
CUSTOMISED AUTOMATION<br />
Automation is the final piece of the scalability<br />
puzzle. As the network grows and becomes<br />
more complex, manual configurations<br />
become increasingly time-consuming, difficult,<br />
and risky.<br />
The tight coupling of hardware and software<br />
limits automation choices and a proprietary<br />
network operating system means either using<br />
proprietary automation software or hacking an<br />
organisation's own automation solution.<br />
Again, the one-size-fits-all mentality gets in the<br />
way of achieving digital transformation<br />
objectives. Instead, the networking team needs<br />
the freedom to craft customised automation<br />
solutions for organisational objectives.<br />
Digital transformation is changing the way<br />
organisations think about network scalability<br />
and agility. As the demand for power and<br />
speed increases with digital adoption and<br />
innovation, these changes will become<br />
immediately critical. To stay ahead of the<br />
game, organisations must rethink these<br />
changes and utilise disaggregation,<br />
horizontal scale and automation for their<br />
own advantage. <strong>NC</strong><br />
24 NETWORKcomputing NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
OPINION<br />
MAKING THE GRADE?<br />
ORGANISATIONS ARE SO<br />
DEPENDENT ON APPLICATION<br />
PROGRAM INTERFACES FOR<br />
THEIR DIGITALLY TRANSFORMED<br />
OPERATIONS THAT IT'S TIME TO<br />
TAKE STOCK. JAMES HIRST, COO<br />
& COFOUNDER AT TYK OFFERS<br />
SOME INSIGHT<br />
The best application program interfaces<br />
(APIs) allow developers to make a real<br />
difference in an organisation. Successful<br />
API adoption requires that organisations take<br />
responsibility for their APIs, looking beyond<br />
the purely technical aspects and thinking<br />
critically about how they should be deployed<br />
within their own organisation.<br />
In contrast, for developers, there are many<br />
vital aspects of API development to consider,<br />
and each one is as critical to the health and<br />
future of the product as the last. If developers<br />
can build an API with these essentials in mind<br />
then the chances of a successful product with<br />
longevity will be increased.<br />
RESPONSIBLE API ADOPTION<br />
The best way for developers to consider their<br />
APIs within the context of an organisation's<br />
strategy is by looking beyond the technical<br />
details and considering the real-life<br />
applications in which the API will play its role.<br />
Applying the essentials of business strategy<br />
and planning to APIs offers developers a<br />
level of foresight during the build process.<br />
Developers who can see the bigger<br />
problem through the process, such as how<br />
it applies operationally, are more likely to<br />
produce an impactful API that can deliver<br />
high-quality results.<br />
SOLVE THE RIGHT PROBLEM<br />
A critical mistake that development teams<br />
make is by focusing on the wrong problem,<br />
and this ultimately leads to an API product<br />
that fails to meet its customer's<br />
expectations. If teams don't validate their<br />
assumptions as they go along, they'll end<br />
up building an entirely inappropriate<br />
product for the wrong audience.<br />
To avoid this costly error, a clear<br />
development plan needs to be implemented<br />
from the very beginning. Mapping out the API<br />
and how it fits into the common usage<br />
scenarios is an effective way of achieving this.<br />
SELECT THE RIGHT TECHNOLOGIES<br />
The best application development framework<br />
for building APIs needs to be considered. It's<br />
important to bring business leaders into this<br />
discussion as they can help to identify the<br />
right use cases for the APIs based on their<br />
solid understanding of operational<br />
requirements. IT leaders are also able to<br />
offer support with their recommendations<br />
based on technology feasibility, such as<br />
back-end readiness.<br />
At this point, developers and engineers<br />
should look to set up API gateway boundaries,<br />
providing tool kits and API catalogues so that<br />
organisations adhere to best practices. The<br />
gateway's role is to house all of the APIs,<br />
capture analytics on the product's interactions,<br />
and perform data caching.<br />
DELIVER CLEAR BUSINESS VALUE<br />
A lot of leading organisations are starting to<br />
define their APIs in a way that creates a<br />
common language that is understood by both<br />
C-suite executives and technical departments.<br />
To achieve this, distinguishing between APIs<br />
that provide a direct impact to the<br />
organisation (a product where business input<br />
is vital) compared to those that are<br />
specifically an enablement of a product will<br />
be essential.<br />
By following this strategy, non-IT employees<br />
are able to communicate to developers what<br />
kind of API they require to deliver a customer<br />
experience, and what kind of API is needed<br />
to deliver the infrastructure required for<br />
those experiences.<br />
UNLOCKING THE FUTURE<br />
Like the majority of digital products, APIs<br />
evolve throughout their product lifecycle,<br />
maturing to meet shifting customer<br />
expectations over time. Once the initial API<br />
has been deployed, organisations are<br />
opened up to a new world of possibility that<br />
couldn't be accessed before. The most<br />
effective way of capitalising on this<br />
opportunity is by keeping the future in mind<br />
throughout the development process.<br />
Developers must define their API product<br />
roadmap and continuously deliver while<br />
seeking input from their stakeholders.<br />
Ongoing feedback from all the parties<br />
involved, from the initial release and<br />
beyond, is critical for gaining traction and<br />
maturity, not to mention the trust and respect<br />
of customers. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 25
PRODUCTREVIEW<br />
Altaro Office 365<br />
Backup<br />
PRODUCT REVIEW<br />
PRODUCT<br />
REVIEWPRODUCT RE<br />
The lack of integral backup and point-intime<br />
restoration facilities for Microsoft<br />
Office 365 has left many businesses<br />
facing a bewildering range of third-party<br />
solutions. They all claim to offer the best<br />
features, but Altaro's Office 365 Backup stands<br />
out as remarkably easy to use and affordable<br />
for all sizes of businesses.<br />
Along with Office 365 mailbox backup, it<br />
can protect OneDrive for Business files and<br />
SharePoint Document Libraries. If you don't use<br />
them all that's not a problem, as Altaro's<br />
flexible licensing schemes allow you to choose<br />
the components you require and the number<br />
of users you want to protect, with substantial<br />
discounts offered on multi-year subscriptions.<br />
No need to worry about backup storage either<br />
as Altaro does it all for you in the cloud.<br />
Backups are maintained in its Microsoft Azure<br />
data centres based in the Netherlands and all<br />
transfers are secured with AES-256 encryption.<br />
The product is accessed from the same cloud<br />
management console as Altaro's excellent VM<br />
Backup solution and is extremely easy to<br />
deploy. After defining your Office 365<br />
organisation the console switches over to your<br />
Microsoft account, where you sign in and<br />
accept the access permission request.<br />
The next step is to decide whether to secure<br />
all mailboxes or selected ones - and that's all<br />
there is to it as Altaro then starts backing up<br />
your organisation. If your Office 365 account<br />
includes OneDrive for Business files and<br />
SharePoint sites, these are automatically added<br />
to the console and backed up as well. You can<br />
sit back and take it easy now as you don't even<br />
need to set up schedules. This is all completely<br />
automated as after the first full backup, Altaro<br />
runs incremental mailbox, OneDrive and<br />
SharePoint backups up to a maximum of four<br />
times per day.<br />
The smart cloud console opens with a<br />
dashboard showing current activity, backup<br />
health status and a history of the latest restore<br />
operations. For more information, move onto<br />
the Backup section where you can see the<br />
current status of all individual mailbox,<br />
OneDrive and SharePoint backups.<br />
Altaro offers multiple data restoration choices<br />
as you can select a user backup and from its<br />
dropdown menu, opt to restore all emails,<br />
calendar items and contacts back to the<br />
original mailbox, to another mailbox or a<br />
different Office 365 organisation. Other<br />
options include restoring mailboxes back to<br />
password-protected PST or ZIP files which are<br />
emailed to the contact of your choice.<br />
As you'd expect, item-level restores are<br />
supported where you choose granular restores,<br />
browse a user, select individual emails or<br />
OneDrive files and decide where to send<br />
them. The same processes apply to SharePoint<br />
as you can browse a site and restore all of its<br />
files or selected ones.<br />
More importantly, Altaro retains every backup<br />
from when your subscription started, so you<br />
can browse all versions and go back to a<br />
specific point in time. If you prefer, you can use<br />
the console's Restore section which runs a<br />
wizard to help choose backed up items, pick a<br />
version and decide where to send it. The<br />
console provides plenty of information about<br />
subscription usage and can send email alerts<br />
to selected recipients for successful and failed<br />
backup and restore operations. It also<br />
maintains a full audit trail for all user<br />
accesses and activities which can be exported<br />
as a CSV file.<br />
Altaro offers everything a business needs to<br />
secure its Microsoft Office 365 organisations<br />
and can be swiftly deployed in the cloud<br />
without disrupting normal operations. All<br />
backup processes are fully automated, it<br />
provides an excellent range of both full and<br />
granular restore facilities and delivers peace of<br />
mind at a very affordable price. <strong>NC</strong><br />
Product: Altaro Office 365 Backup<br />
Supplier: Altaro Software<br />
Web site: www.altaro.com<br />
Tel: +44 (0) 203 397 6280<br />
Sales: sales@altaro.com<br />
Price: Starts from £324 per year for 10 users<br />
(excluding VAT)<br />
26 NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK<br />
NETWORKcomputing
OPINION<br />
NARROWING THE CYBER GAP<br />
MILLIONS OF PEOPLE WORK IN CYBERSECURITY<br />
WORLDWIDE, YET THE DEMAND FOR<br />
PROFESSIONALS EXCEEDS SUPPLY. DESHINI<br />
NEWMAN, MANAGING DIRECTOR EMEA AT<br />
(ISC) 2 SHARES SOME THOUGHTS AND RECENT<br />
RESEARCH ON THE SKILLS SHORTAGE<br />
The surge in digital transformations for<br />
both businesses and the public sector<br />
has raised the stakes for IT security.<br />
With more data and operations now<br />
completely digitised, connected and<br />
potentially at greater risk, the demand for<br />
skilled cybersecurity professionals to deal<br />
with strategic and operational IT security<br />
matters is higher than ever.<br />
TAKING STOCK<br />
Every year the (ISC)² Cybersecurity<br />
Workforce Study takes a deep dive into the<br />
state of the sector to better understand the<br />
concerns of cybersecurity practitioners and<br />
their employers. This year, the study went<br />
one step further and estimated for the first<br />
time the size of the active cybersecurity<br />
workforce alongside the skills deficit. The<br />
global workforce estimate is 2.8 million of<br />
which around 289,000 people are in the<br />
UK. This workforce falls far short of current<br />
demand and is fast becoming one of the<br />
industry's biggest challenges.<br />
This shortage inhibits the capability of all<br />
organisations regardless of their size or<br />
sector. In fact, the shortage of more than<br />
four million people globally is the greatest<br />
concern to those currently working in the<br />
sector. Attacks are not declining, in fact<br />
mobile malware attacks have doubled in the<br />
face of changing device use, while<br />
ransomware variants including WannaCry,<br />
Snatch, NextCry, Dharma and STOP Djvu<br />
continue to pose high-profile threats.<br />
WHAT TO DO<br />
To address the gap we must grow the size<br />
of the cybersecurity workforce. This means<br />
that we need to increase the pool of<br />
interested, talented and skilled individuals<br />
for employers to draw from. There simply<br />
aren't enough people available to satisfy<br />
the demand.<br />
If we are to grow the talent pool and<br />
attract career changers into the<br />
cybersecurity sector, we need to take some<br />
decisive action.<br />
TAKING STEPS<br />
To get a balanced workforce in respect of<br />
talent and ability, we need to consider<br />
gender diversity. While 30 per cent of study<br />
participants were women, with 23 per cent<br />
using security-specific titles, considerably<br />
more must be done to establish<br />
meaningful gender equality. That is best<br />
done by bringing more women into<br />
cybersecurity roles in both front-line and<br />
leadership positions, by encouraging<br />
women through mentoring, scholarships<br />
and training as well as career changing<br />
opportunities.<br />
Getting the cyber capability mix right also<br />
needs cultural and ethnic diversity. While<br />
ensuring that cybersecurity roles are more<br />
appealing to women, there is an argument<br />
for doing more to boost cultural diversity<br />
and broadening the ethnicity of the<br />
workforce. This will not only better reflect<br />
the make-up of society and widen the<br />
available workforce, but will also introduce<br />
new ideas and approaches.<br />
To grow a skilled workforce, people<br />
require ready access to training and<br />
education. We need to do more at an early<br />
age to attract people into STEM subjects<br />
and set them up for a potential career in<br />
cybersecurity. However, on-the-job training,<br />
along with achieving certifications that<br />
confirm a high degree of competency, are<br />
essential for growing and qualifying<br />
tomorrow's workforce.<br />
More middle ground needs to be offered<br />
by employers to make cybersecurity a more<br />
appealing career opportunity. This way<br />
they can attract employees for whom the<br />
regular working day isn't possible or<br />
practical, including parents, carers, those<br />
retraining and those with long or<br />
impractical commutes. This includes<br />
flexible working, along with leveraging new<br />
technology so that cybersecurity<br />
practitioners are not tied to a single<br />
location for their work.<br />
While the global cybersecurity workforce<br />
gap is substantial, we need to be creative<br />
in filling it. Based on our figures, we need<br />
to grow the sector workforce by 145 per<br />
cent. We also need to create opportunities<br />
that will provide an influx of new talent into<br />
the sector that were not accessible<br />
previously, and narrow that skills gap. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 27
SECURITYUPDATE<br />
DISRUPTION AGENDA<br />
WITH OPERATIONAL TECHNOLOGY AND IT<br />
NATURALLY COALESCING, THERE IS A NEW<br />
EMERGING CYBER-PHYSICAL THREAT. CHRIS<br />
SHERRY, REGIONAL VICE PRESIDENT OF EMEA<br />
NORTH AT FORESCOUT EXPLAINS THIS<br />
DISRUPTIVE THREAT VECTOR<br />
Historically, the modus operandi of bad<br />
actors has been to embed malicious<br />
code within corporate networks with<br />
the clear objective of extracting cash.<br />
However, more recently and most significantly<br />
in <strong>2019</strong>, this tactic has been considerably<br />
overshadowed.<br />
While of course still popular, there has been<br />
a significant shift. Attackers are now aiming<br />
towards disabling key services and critical<br />
infrastructure such as those seen in<br />
manufacturing, transportation and healthcare,<br />
in order to damage operational efficiency and<br />
wreak havoc through downtime. Through its<br />
ability to compromise the availability, integrity,<br />
and confidentiality of the systems, networks,<br />
and data belonging to the target, this new<br />
threat phenomenon has been coined<br />
disruptionware in a recent report from the<br />
Institute of Critical infrastructure Technology.<br />
DISRUPTION DEFINED<br />
This evolution is the natural development of a<br />
decade of trendsetting attacks from nationstate<br />
advanced persistent threat (APT) actors.<br />
In 2013, the BlackEnergy malware was<br />
leveraged to temporarily disrupt the Ukrainian<br />
electric grid. More recently, in <strong>Dec</strong>ember<br />
2017, it was revealed that the Triton malware<br />
had disrupted the safety systems of an<br />
unidentified power station in the Middle East.<br />
Today, it has become an even more<br />
significant threat to critical infrastructure, as<br />
tools have been developed beyond the<br />
BrickerBot malware and botnets of the past<br />
decade, and are now easily accessible by<br />
script kiddies and cybercriminals around the<br />
world. For example, the LockerGoga attacks<br />
resulted in tens of millions of reported losses<br />
and the June <strong>2019</strong> Silex attacks left<br />
thousands of Internet of Things (IoT) devices<br />
inoperable.<br />
UNSOPHISTICATED RISK<br />
As IT and OT environments converge and<br />
become more automated, manufacturing<br />
environments are becoming increasingly<br />
reliant on industrial IoT sensors and devices,<br />
which may be unsecured due to a lack of<br />
layered security by design, default<br />
administrative credentials, or a plethora of<br />
other vulnerabilities. Further to that,<br />
unregistered devices may creep onto the<br />
network, and any such devices which are not<br />
secured by the information security team may<br />
be used as unsecured access points for<br />
targeted malware including disruptionware.<br />
These targeted cyber-attacks require very<br />
little technical sophistication, making them<br />
low-risk with potentially high-reward. Norsk<br />
Hydro suffered $40 million in losses after<br />
switching to manual operations, while its<br />
systems were restored and the ransomware<br />
infection was removed.<br />
MITIGATING THE RISK<br />
Operators need to understand the degree to<br />
which physical equipment, control systems,<br />
office IT and other assets touch each other,<br />
and ultimately the Internet, using visibility and<br />
control solutions - or risk having security blind<br />
spots. They also need to make sure these<br />
ever-changing network connections are<br />
properly segmented, and watch for changing<br />
patterns in network behaviour that could<br />
indicate that someone off-premise might be<br />
introducing a shared connection to exploit for<br />
the network entry. Other risk factors include<br />
wider use of vulnerable third-party partners<br />
and services in critical sectors and network<br />
drift, which is when unmonitored devices<br />
creep onto the network. Mitigating these<br />
factors will go a long way towards preventing<br />
a Zero-Day attack.<br />
Once enough adversaries adopt<br />
disruptionware variants that have proven<br />
successful in the public arena, such as<br />
LockerGoga, the evolution of threats against<br />
manufacturing and other OT heavy<br />
environments will escalate. After all,<br />
disruptionware is about more than just<br />
preventing access to systems and data. It is<br />
about suspending operations, disrupting<br />
continuity and crippling an organisation's<br />
ability to engage in operations, gather<br />
resources and disseminate deliverables. In<br />
other words, productivity is the real target.<br />
For now the sophistication of such attacks<br />
remains low-level, but once more advanced<br />
adversaries evolve the code, critical<br />
infrastructure organisations may not be able<br />
to recover from a deluge of operational<br />
threats. In the interest of national security,<br />
government bodies and private sector<br />
stakeholders should not delay, but rather rush<br />
to address this emerging threat. <strong>NC</strong><br />
28 NETWORKcomputing NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
OPINION<br />
TAKING LEGACY TO THE CLOUD<br />
MOVING TO THE CLOUD PROVIDES THE CHA<strong>NC</strong>E TO RENEW,<br />
BUT IT'S NOT ALWAYS NECESSARY OR PRACTICAL. NEILL HART,<br />
COGNITIVE COMPUTING ENABLEMENT AT CSI THINKS THAT<br />
NEGATIVE MYTHS AROUND CLOUD ADOPTION MUST BE<br />
CHALLENGED<br />
Cloud adoption is high-up on most<br />
board agendas with many<br />
companies having already begun<br />
this part of their digital transformation.<br />
However, there are still many who aren't<br />
using cloud to their advantage. We<br />
estimate that 80 per cent of UK business<br />
workloads operate using private onpremise<br />
systems, often using legacy<br />
technology, meaning that they can't take<br />
full advantage of what the cloud offers.<br />
Research by Sapio found that 85 per cent<br />
of UK businesses identify a lack of ability<br />
to migrate legacy apps to cloud as<br />
negatively impacting their business.<br />
Remaining on underlying legacy<br />
infrastructure is resulting in backups and<br />
patches taking too long for over a third of<br />
the companies surveyed, and a further<br />
third say they are not making efficient<br />
decisions with their IT.<br />
CLOUD DRIVEN VALUE<br />
Running applications in the cloud allows<br />
an organisation to create value faster and<br />
take advantage of newer and more<br />
powerful technology to deliver consistent<br />
and compliant workloads. It also helps<br />
them maintain a strong business focus.<br />
In the financial sector, a third of IT<br />
managers say the lack of high-speed<br />
access to ecosystem partners prevents<br />
them from moving their customer<br />
experience forward. Also that they don't<br />
have the infrastructure to support AIdriven<br />
applications.<br />
DIGITAL PRODUCTIVITY<br />
The digital age promises significant<br />
productivity gains for the way that<br />
businesses operate, and cloud adoption is<br />
a vital step in the digital transformation<br />
journey. When innovations are restricted<br />
due to workloads remaining on closed<br />
systems, organisations will fall behind their<br />
competitors. But there is a fundamental<br />
misconception that legacy apps can't be<br />
migrated to the cloud: this isn't true.<br />
Of course, the journey to the cloud for<br />
critical workloads and data has multiple<br />
dependencies. They include a compelling<br />
business case, strategic objectives, thorough<br />
planning, and detailed preparation of existing<br />
infrastructure and workloads. There are<br />
solutions to every challenge.<br />
MIGRATE TO THE CLOUD<br />
Instead of assuming a legacy application is<br />
too complex to move to the cloud,<br />
companies must undertake a thorough<br />
discovery of their environment in the context<br />
of the latest private and public cloud<br />
offerings. With the correct groundwork many<br />
applications can be migrated to an<br />
equivalent cloud infrastructure without any<br />
programme changes, and often with<br />
significant performance improvement.<br />
Automated migration tools manage bulk<br />
cloud migrations safely and quickly.<br />
Where a readiness assessment shows that a<br />
legacy application cannot run on the up-todate<br />
infrastructure, application<br />
modernisation can transform the code and<br />
database to current standards. The<br />
refactored application can then be moved to<br />
a new platform and benefit from cloud<br />
economics. In the few cases where cloud<br />
migration is not viable, investment in existing<br />
applications can still be extended by<br />
converting green screen displays with a<br />
modern user interface and mobile access.<br />
PAST SECURITY<br />
Our research also found that some<br />
resistance remains about moving apps to the<br />
cloud due to security concerns. It found that<br />
36 per cent of financial services providers<br />
believe that security issues associated with the<br />
cloud are a barrier to change, whilst 31 per<br />
cent cited unclear security governance<br />
guidance from the FCA.<br />
The volume of regulations and legislation<br />
is a common theme in the financial services<br />
sector, meaning many companies wrongly<br />
shy away from the cloud. Whilst handing<br />
responsibility over to a third party (rather<br />
than keeping it on-premise) involves great<br />
trust, cloud systems are proven to offer a far<br />
more stringent way of managing security<br />
and compliance.<br />
There is no doubt that this shift from onpremise<br />
hardware to the cloud can enable<br />
business operations to transform. The hybrid<br />
cloud environment is configurable, scalable<br />
and protected with enterprise-grade cyber<br />
security services. The result is a consumptionbased<br />
commercial model which avoids overinvestment<br />
or under-provisioning and allows<br />
for business growth through innovation. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 29
Nominations are now open for the 2020 Awards and we want you, the readers of<br />
Network Computing, to tell us who and what has impressed you.<br />
Here are the categories we will be asking you to make nominations in:<br />
NETWORK INFRASTRUCTURE PRODUCT OF THE YEAR<br />
DATA CENTRE PRODUCT OF THE YEAR<br />
IT OPTIMISATION PRODUCT OF THE YEAR<br />
TESTING / MONITORING PRODUCT OF THE YEAR<br />
CLOUD TELEPHONY PRODUCT OF THE YEAR<br />
STORAGE PRODUCT OF THE YEAR<br />
NETWORK MANAGEMENT PRODUCT OF THE YEAR<br />
DATA PROTECTION PRODUCT OF THE YEAR<br />
SD-WAN VENDOR OF THE YEAR<br />
CLOUD-DELIVERED SECURITY SOLUTION OF THE YEAR<br />
THE RETURN ON INVESTMENT AWARD<br />
NEW HARDWARE PRODUCT OF THE YEAR<br />
NEW SOFTWARE PRODUCT OF THE YEAR<br />
NEW CLOUD SOLUTION OF THE YEAR<br />
NETWORKS ON THE EDGE AWARD<br />
SALES ENABLEMENT SOLUTION OF THE YEAR<br />
EDUCATION AND TRAINING PROVIDER OF THE YEAR<br />
DISTRIBUTOR OF THE YEAR<br />
RESELLER OF THE YEAR<br />
HARDWARE PRODUCT OF THE YEAR<br />
SOFTWARE PRODUCT OF THE YEAR<br />
CLOUD BASED SOLUTION OF THE YEAR<br />
THE CUSTOMER SERVICE AWARD<br />
THE ONE TO WATCH COMPANY<br />
THE INSPIRATION AWARD<br />
PRODUCT OF THE YEAR<br />
COMPANY OF THE YEAR
As has always been the case, results in most of the categories will be determined by<br />
nominating and voting. However, the Network Computing Awards also give you<br />
opportunities to be recognised by a Judge.<br />
The Bench Tested Product of the Year is open to all solutions that have been independently<br />
reviewed for Network Computing in the year leading up the Awards. There is still time - although<br />
you will need to act quickly - for your solution(s) to join the list of contenders. Book your review<br />
by contacting Dave Bonner or Julie Cornish on +44 (0) 1689 616000<br />
The Network Project of the Year categories recognise impressive work that a company or an<br />
alliance of companies has carried out for a customer. For each project you want to enter please<br />
send a case study to dave.bonner@btc.co.uk<br />
The Editor's Innovation Award gives you a chance to impress our Judge (Network<br />
Computing's Editor, Ray Smyth) through being truly innovative in design, purpose, application or<br />
results. Ray gets to see a lot of innovation n the solutions that are independently reviewed for<br />
Network Computing. Additionally, innovation from suppliers may come to light when Ray meets<br />
them. Either way, if you feel that what you do is worthy of consideration for this Award, please<br />
contact ray.smyth@btc.co.uk<br />
FINALLY<br />
There are opportunities to get involved as a sponsor. Contact Dave Bonner or<br />
Julie Cornish on +44 (0) 1689 616000<br />
To make your nominations, please go to:<br />
WWW.NETWORKCOMPUTINGAWARDS.CO.UK
OPINION<br />
THE EDGE OF TOMORROW<br />
EDGE COMPUTING SEEMS TO BE ON<br />
EVERYONE'S LIPS JUST NOW. ABHIJIT SUNIL,<br />
AN ANALYST AT FORRESTER CONSIDERS<br />
WHAT MIGHT HAPPEN NEXT AT THE EDGE OF<br />
THE NETWORK<br />
In the computing world, edge computing is<br />
among the key trends that are now<br />
discussed by almost everyone, including<br />
the networking, computing and storage<br />
manufacturers, the communications services<br />
providers and the internet giants. Frankly, all<br />
of this excitement is justified by what's in store<br />
for this growing platform in 2020.<br />
In fact, 57 per cent of mobility decisionmakers<br />
surveyed by Forrester Research said<br />
that they have edge computing in their<br />
roadmap for the next 12 months. That is<br />
significant, considering how recently edge<br />
computing arrived in the sphere of<br />
technology evolution.<br />
EDGING CLOSER<br />
In a basic sense, edge computing takes<br />
computing closer to the customer and<br />
where the data is generated. This<br />
disaggregates computing to the edges of<br />
the ecosystem and closer to intelligent<br />
devices and sensors that can collect data,<br />
analyse it, and even make actionable<br />
decisions. The edge is the next step to<br />
round out a more complete landscape of<br />
technology, along with cloud computing<br />
and more traditional infrastructure, and they<br />
must work in harmony.<br />
The real power of edge computing lies in the<br />
sheer variety of use cases it enables.<br />
According to our <strong>2019</strong> Forrester Research<br />
survey of mobility decision makers, the biggest<br />
benefits organisations seek from edge<br />
computing include flexibility to handle artificial<br />
intelligence demands and use cases that<br />
benefit from faster network response times.<br />
DIRECTION AT THE EDGE<br />
With so much interest and such great promise,<br />
understanding what is on offer in edge<br />
computing is essential. Here are five key<br />
aspects to consider.<br />
New infrastructure form factors are being<br />
tailored for the edge. Until now, hardware<br />
vendors took existing cloud form factors<br />
and morphed them for the edge. However,<br />
the unique requirements put forth by<br />
operating conditions at the edge, such as<br />
space constraints, temperature, resilience<br />
and connectivity will necessitate hardware<br />
vendors to develop custom form factors.<br />
5G promises high bandwidth<br />
communication possibilities. During<br />
2020, we can expect 5G connectivity<br />
to increase significantly in developed<br />
markets, enabling a host of use cases<br />
in AR/VR, media consumption, massive<br />
IoT and others enabled by low latency<br />
communications. Edge computing will<br />
augment these use cases and will play<br />
a critical role in enabling data<br />
processing and computing as close to<br />
the user as possible.<br />
Traditional telecom carriers who missed<br />
out on the cloud opportunity will seriously<br />
consider the business opportunities<br />
presented by edge, entering the market<br />
through mergers and acquisitions to gain<br />
an early competitive advantage. Cloud<br />
vendors, infrastructure equipment<br />
manufacturers, and data start-ups are all<br />
enablers of edge computing and together<br />
create a rich acquisition environment for<br />
well-funded firms.<br />
Customers prefer multivendor edge<br />
offerings over single vendors. Edge<br />
computing is not a single entity and the<br />
use cases it enables are too complex and<br />
costly to design and maintain for a single<br />
vendor. Edge will consist of an ecosystem<br />
of multiple intelligent devices, integrators,<br />
hardware manufactures and connectivity<br />
providers. This will bring forth several<br />
partnership models between telcos,<br />
OEMs, vertically focused software<br />
manufacturers, and integrators.<br />
Lastly, the nascent edge computing<br />
services market will grow significantly in<br />
the coming months. The megacloud<br />
providers, cloud software platform<br />
communities, colocation players, telecoms<br />
and CDN providers are beginning to<br />
provide IaaS and PaaS services at the<br />
edge. The goal for these initiatives is to<br />
provide such services that run independent<br />
of connectivity back to the public cloud or<br />
data centre. This edge services market will<br />
see explosive growth in 2020, with new<br />
partnerships and business models<br />
emerging aplenty.<br />
Overall, 2020 is going to be an exciting year<br />
for edge computing and we will see new use<br />
cases develop that take the customer<br />
experience to a brand-new level, all through<br />
the power of network edge. <strong>NC</strong><br />
32 NETWORKcomputing NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
CASESTUDY<br />
TECHNOLOGY IN THE COMMUNITY<br />
WITH WI-FI TAKEN FOR GRANTED, AN<br />
UNRELIABLE SERVICE CAN HAVE SIGNIFICANT<br />
ADVERSE IMPACT. THE STEPHEN LAWRE<strong>NC</strong>E<br />
CHARITABLE TRUST NEEDED TO PUT ITS<br />
COMMUNITY SPACE TO WORK AND DID SO<br />
WITH A NETWORKING UPGRADE FROM ZYXEL<br />
Inspiring disadvantaged young people to<br />
reach their full potential and make<br />
informed choices about their education and<br />
careers is a challenging task, especially<br />
without a reliable internet service. The Stephen<br />
Lawrence Charitable Trust encountered this<br />
challenge in 2017 when its iconic building in<br />
Deptford, London - The Stephen Lawrence<br />
Centre - was redesigned by world-famous<br />
architects, Gensler.<br />
As part of the renovation a new coworking<br />
hub, Your Space, was conceived and created.<br />
Your Space offers flexible desk space over two<br />
floors. Hot desking is available for short or<br />
long-term rent, while a designated resident<br />
space offers capacity for 12 members<br />
requiring a more permanent business home.<br />
The venue also has two integrated event<br />
spaces for networking events, away days, or<br />
project launches and they are open to both<br />
members and non-members.<br />
For Your Space to work at its best, it needed<br />
reliable, fast Wi-Fi throughout the whole<br />
building to support multiple users and<br />
enterprises, but there were some challenges<br />
to overcome.<br />
CHALLENGES<br />
As a non-profit organisation, the Stephen<br />
Lawrence Charitable Trust doesn't have a<br />
dedicated IT support service, relying instead on<br />
one part-time IT volunteer to help troubleshoot<br />
devices and reset routers. Originally, the centre<br />
was fitted with just one router and a Wi-Fi<br />
extender to boost the signal in the more distant<br />
parts of the building, which often failed.<br />
With such a poor signal network transparency<br />
was limited, and the Trust had no central<br />
bandwidth control. As the trust grew it wanted<br />
to include separate businesses on its Wi-Fi<br />
network, and so was faced with a growing<br />
challenge: the need for faster, wider and more<br />
secure network coverage throughout.<br />
SOLUTIONS WITH BENEFITS<br />
The trust approached IT support provider<br />
Vibrant Networks, initially looking for new<br />
routers or Wi-Fi boosters. After assessing the<br />
centre's needs, Vibrant advised the deployment<br />
of the Zyxel Nebula system, along with access<br />
points and a switch to provision a fast and<br />
secure network. As the centre redevelopment<br />
was a pro bono project, Zyxel donated<br />
equipment to help the Stephen Lawrence<br />
Charitable Trust achieve its growth without<br />
having to use funding that could otherwise be<br />
used to deliver its main objectives.<br />
Everyone at the Stephen Lawrence Charitable<br />
Trust now has quick, stable network across the<br />
entire facility. In the 12 months since the Zyxel<br />
system was installed, Vibrant Networks, which<br />
monitors the new network, hasn't received any<br />
calls for support, or been asked to resolve any<br />
issues. The trust can now work more efficiently<br />
without having to worry about the Wi-Fi or IT<br />
systems. Importantly, it has also been able to<br />
expand the number of users on the network,<br />
now up to 70 a week including tenants, with<br />
no downtime or connection loss.<br />
Chelsea Way, Programmes Manager at the<br />
Stephen Lawrence Charitable Trust commented<br />
that, "Previously, we only had Wi-Fi for staff,<br />
which constantly broke down and only had<br />
coverage in certain areas of the building. So,<br />
we knew that to transform our new centre into<br />
a coworking space, we needed a faster, more<br />
stable network. Since installing the Zyxel<br />
Nebula system our Wi-Fi is stronger and faster<br />
and we have taken on tenants who use our<br />
centre as their office.<br />
Operationally, coworking is now fundamental<br />
to what we do here. Thanks to that extra<br />
revenue, the trust broke even on our building<br />
costs this year for the first time, meaning that<br />
we're able to put more money back into the<br />
work we do with disadvantaged young people,<br />
and we haven't had to pick up the phone for IT<br />
support once."<br />
All funds raised from Your Space are<br />
reinvested into the Stephen Lawrence<br />
Charitable Trust, helping it continue its work<br />
building stronger and safer communities. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2019</strong> NETWORKcomputing 33
SECURITYUPDATE<br />
EVOLVING CYBERSECURITY<br />
CYBERSECURITY IS STILL A YOUNG INDUSTRY<br />
BUT IT'S GROWING FAST. THERESA LANOWITZ,<br />
DIRECTOR OF CYBERSECURITY<br />
COMMUNICATIONS AT AT&T CYBERSECURITY<br />
THINKS WE ARE AT A CRITICAL POINT IN<br />
CYBERSECURITY'S EVOLUTION<br />
In the earlier days of cybersecurity<br />
(2004/2005), vendors targeted<br />
development and testing teams.<br />
Implementing security practices earlier in the<br />
lifecycle would prevent vulnerabilities from<br />
being exposed in production where they<br />
were much more costly to remediate. This<br />
approach put the application at the centre of<br />
the universe.<br />
The problem was that the CISO office was<br />
not involved in the sales process. No<br />
developer or tester wanted the responsibility<br />
for security unless there was an executive<br />
mandate. As developers and testers did not<br />
buy the security tools, vendors turned to the<br />
CISO office, which was disconnected from<br />
the development teams. The CISO office<br />
believed proper development and security<br />
hygiene was handled by developers and<br />
testers during the pre-production phase.<br />
PERIOD OF CONSOLIDATION<br />
For about two years from 2006 we saw a<br />
consolidation of those tools targeted at<br />
developers and testers, and the new megasecurity<br />
companies attempted to sell their<br />
products to them. As this strategy failed,<br />
security tools were placed in a separate<br />
division (a silo) focusing on the CISO office.<br />
But there was no executive consensus or<br />
mandate for security that bridged the<br />
development and policy level.<br />
Fast-forward and there is now a<br />
proliferation of point product companies<br />
that specialise in one threat. Today's<br />
cybersecurity market consists of levels. The<br />
mega-vendors lacked a compelling story<br />
about why security was so important at the<br />
application level. The single product vendor<br />
is not offering a product but a feature.<br />
Because of the proliferation of point product<br />
vendors we are in another wave of<br />
consolidation with the big vendors being<br />
network and infrastructure focused, instead<br />
of software-development focused.<br />
NETWORK CAPACITY<br />
The reason we are progressing as a society,<br />
moving from monolithic enterprise<br />
applications through mobile applications to<br />
a completely connected and low latency<br />
world with IoT, is because of the increase in<br />
network capacity. Location-based mobile<br />
apps such as Uber or high-performing<br />
streaming services would never have been<br />
possible in a 3G world. Likewise, massive<br />
IoT scale will only be possible with the<br />
support of 5G.<br />
While 5G standards (which are dynamic as<br />
all standards are) address known 4G<br />
vulnerabilities and 5G networks are being<br />
architected with more security than any<br />
previous network, businesses must still<br />
prepare for security threats, both existing and<br />
new, and adjust policies and practices<br />
accordingly. An expanded attack surface<br />
provides an opportunity for new threats to<br />
emerge, as well as for the potential<br />
proliferation of unpatched existing ones.<br />
Thankfully, in most IoT conversations today,<br />
security is the primary question. Just two<br />
years ago, security was an afterthought when<br />
it came to IoT.<br />
THE DECOUPLING FLAW<br />
<strong>Dec</strong>oupling cybersecurity from everything<br />
else has been the fatal flaw of previous<br />
security companies. Offering cybersecurity<br />
solutions alone has been tried and failed.<br />
This is why the industry is experiencing<br />
acquisition by larger network and<br />
infrastructure-heavy companies.<br />
Enterprises are no longer operating in<br />
isolated silos. It is simply too expensive and<br />
risky. Enterprises of all types and sizes realise<br />
that their businesses are only as strong as<br />
their networks. The network is now part of<br />
the brand promise to give enterprises<br />
performance and security, otherwise<br />
customers will shop elsewhere.<br />
We are moving to a world where customers<br />
will rely upon the trust index of a company.<br />
The higher a company is on the trust index,<br />
the better the security and performance are,<br />
i.e. zero, or managed and contained<br />
breaches, etc. These high trust companies<br />
will turn to the network and infrastructure<br />
vendors to achieve a greater trust index with<br />
a cybersecurity solution that is holistic,<br />
simple, and borne of experience. Ultimately<br />
the high trust companies will thrive.<br />
We are in the Darwinian moment of<br />
economies, and cybersecurity has become<br />
its cornerstone. <strong>NC</strong><br />
34 NETWORKcomputing NOVEMBER/DECEMBER <strong>2019</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
18 & 19 MARCH 2020<br />
EXCEL, LONDON<br />
#CallContact20<br />
EUROPE’S LEADING EVENT FOR CUSTOMER<br />
ENGAGEMENT PROFESSIONALS<br />
EMBRACE THE FUTURE OF THE CONTACT CENTRE<br />
EXPERT<br />
ADVICE<br />
500<br />
EXHIBITORS<br />
250<br />
SPEAKERS<br />
15,000<br />
VISITORS<br />
Register for your FREE TICKETS now<br />
CALL<br />
01872 218007<br />
CALLANDCONTACTCENTREEXPO.CO.UK<br />
RUNNING<br />
ALONGSIDE