NC Nov-Dec 2019

NETWORKcomputing
I N F O R M A T I O N A N D C O M M U N I C A T I O N S – N E T W O R K E D www.networkcomputing.co.uk
MAKING THE GRADE
Are organisations too
dependent on APIs?
THE TRUST INDEX
Taking the next step in cybersecurity's evolution
EDGE OF TOMORROW
What does the future hold for edge computing?
DISRUPTION AGENDA
Tackling the emerging cyber-physical threat
NOVEMBER/DECEMBER 2019 VOL 28 NO 06

11-12 March 2020
ExCeL, London
MISSION
IMPOSSIBLE
Cloud Expo Europe, the UK’s biggest and best attended technology event, returns on 11-12
March 2020 at ExCeL London.
Technology enabled change is on the boardroom agenda for businesses of all types and sizes. Cloud Expo
Europe is the UK’s leading event for connecting technologists, business leaders and senior business managers
with experts, solutions and services to help accelerate digital transformation plans.
Whether you are cloud-first, scaling up, refining, or just getting started, Cloud Expo Europe is an unrivalled
opportunity to meet with leading technology innovators and service providers. Network with your peers. Access
a wealth of knowledge and advice including emerging trends, tech deep dives, lessons learned and market
forecasts.
Our 2020 speaker line-up includes:
DENISE
DOURADO
Cloud Digital
Transformation
Director
HMRC
DANIEL
MARION
Chief of
Information and
Communication
Technology
UEFA
ANNA
BARSBY
Award-winning CIO
CIJO
JOSEPH
Chief
Information
Officer
Mitie
MAJOR-GENERAL
THOMAS
COPINGER-SYMES
Director of Military
Digitisation
Joint Forces
Command
NICK
MITROVIC
Chief
Technology
Officer
Oxfam
Visit www.cloudexpoeurope.com
for more information or contact the team today
to discuss further on +44 (0) 207 013 4999
ORGANISED BY
Co-located
with:

COMMENT
COMMENT
INSTRUMENTING THE NETWORK
BY RAY SMYTH, EDITOR
Political and economic uncertainty, combined with the continuing lack of clarity concerning our
relationship with the EU, are finding their way into every aspect of personal and professional life,
and the network is no exception. In much the same way, so is what some are referring to as the
digital risk. In fact, I recently noticed a press release that claimed that cyber-attacks are "adding 2.7
minutes to hospital response times and causing an extra 36 deaths for every 10,000 heart attacks
each year."
Because I haven't verified these figures I only offer them as a nudge for you and your organisation
and not as verified truth. Undetected cyber breaches are without doubt impacting your network services
affecting efficiency and resource, and that's before you consider data loss. I started my IT career
with a small UK startup that was early to market with a network analyser amongst other network technology.
What's now offered by today's vendors is so different, but then so is the job we need it to do.
Instrumenting networks to capture everything that happens is an important step towards understanding
exactly how the network performs. But it is not enough to just capture the data; rapid near
real-time analysis is required that can then automatically alert those that need to know about the
things that matter to them, covering that which affects performance or security. But remember, they
are inextricably linked. There is now clear evidence that network management and security, which
until recently were disassociated disciplines, could realistically move much closer together. Machine
learning (ML) is emerging as an important component of such a capability, though some will insist
on wrongly calling it AI.
I think we are seeing the emergence of a very healthy, network-based approach, which is to be
encouraged, and which will see cybersecurity and operational management of the network move
closer together. A given network event has the potential to manifest itself in many different ways. There
is no benefit in capturing a single event in a number of different places because it will be expensive
and inefficient.
Instrumenting your network and providing the intelligence to those that need it to do their jobs, in a
language and manner that they comprehend, is the new challenge for IT and networking professionals.
It's not all about technology, though it will be firmly based on it. It's not all about people either,
though there will be plenty involved and they will be very dependant. And it's not all about diversity,
though barriers must be removed and cooperation become the norm.
If you want a network that is enabled for the digital transformation that businesses are demanding, it
has to be instrumented and work without silos.
Ray Smyth - Editor, Network Computing.
Ray.Smyth@BTC.CO.UK | https://twitter.com/ItsRay?
EDITOR: Ray Smyth
(ray.smyth@btc.co.uk)
REVIEWS:
Dave Mitchell
Ray Smyth
SUB EDITOR: Mark Lyward
(netcomputing@btc.co.uk)
PRODUCTION: Abby Penn
(abby.penn@btc.co.uk)
DESIGN: Ian Collis
(ian.collis@btc.co.uk
SALES:
David Bonner
(david.bonner@btc.co.uk)
Julie Cornish
(julie.cornish@btc.co.uk)
SUBSCRIPTIONS: Christina Willis
(christina.willis@btc.co.uk)
PUBLISHER: John Jageurs
(john.jageurs@btc.co.uk)
Published by Barrow & Thompkins
Connexion Ltd (BTC)
35 Station Square,
Petts Wood, Kent, BR5 1LZ
Tel: +44 (0)1689 616 000
Fax: +44 (0)1689 82 66 22
SUBSCRIPTIONS:
UK £35/year, £60/two years,
£80/three years;
Europe:
£48/year, £85/two years £127/three years;
ROW:
£62/year, £115/two years, £168/three years;
Subscribers get SPECIAL OFFERS — see subscriptions
advertisement; Single copies of
Network Computing can be bought for £8;
(including postage & packing).
© 2019 Barrow & Thompkins
Connexion Ltd.
All rights reserved.
No part of the magazine may be
reproduced without prior consent, in
writing, from the publisher.
GET FUTURE COPIES FREE
BY REGISTERING ONLINE AT
WWW.NETWORKCOMPUTING.CO.UK/REGISTER
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 3

CONTENTS
CONTENTS
N O V E M B E R / D E C E M B E R 2 0 1 9
THE CLOUD........................10
Our cloud feature this issue considers where
the responsibility for cloud security lies and
how cloud based service can help, and
assesses the use and management of
policies as IT systems become more hybrid
EDITOR'S COMMENT......................3
Instrumenting the network
COMPANY NEWS............................6
Market Dynamics: making sense of the market
NETWORK NEWS............................7
Moves, adds and changes
VERSION X......................................8
The latest networking news
ARTICLES
A POLICY TO INCLUDE THE
CLOUD.........................................10
By Tim Sedlack at Micro Focus
SECURING THE CYBER
WORKFORCE...................................11
By Stuart Sharp at Solutions Engineering
SECURE EDGE TO EDGE..................13
By Aron Brand at CTERA
CONNECTED CLOUD.....................14
Richard Petley at Oracle UK & Ireland
DIGITAL NETWORKING.........24
Digital transformation requires a new
networking approach. Pete Lumbis, Technical
Evangelist at Cumulus Networks talks about
applying web-scale networking principles to
digital transformation
EDGE OF TOMORROW........32
Edge computing seems to be on everyone's
lips just now. Abhijit Sunil at Forrester
considers what might happen next at the
edge of the network
DISRUPTION AGENDA..........28
With operational technology and IT naturally
coalescing, there is a new emerging cyberphysical
threat. Chris Sherry at Forescout
explains this disruptive threat vector
TECHNOLOGY IN THE
COMMUNITY........................33
The Stephen Lawrence Charitable Trust
needed to put its community space to work
- and did so with a networking upgrade
from Zyxel
SECURITY & MANAGEMENT.............15
By James Barrett at Endance
SYSTEM DOWN................................16
By Peter Groucutt at Databarracks
TOMORROW’S ISV...........................17
By Scott Murphy at Ingram Micro
THE SMALL APPROACH TO BIG.......18
By Paul Durzan at Ensono
MANUFACTURING LINUX
CONTAINERS...................................19
By Florian Froschermeier at INSYS
GDPR SO FAR..................................20
By Todd Peterson at One Identity
DATA AS CURRENCY........................22
By Richard Agnew at Code42
BREAKING THE IT VENDOR
MONOPOLY....................................23
By Ronak Shah at Fact.MR
MAKING THE GRADE?.....................25
By James Hirst at Tyk
NARROWING THE CYBER GAP.........27
By Deshini Newman at (ISC) 2
TAKING LEGACY TO THE CLOUD....29
By Neill Hart at CSI
EVOLVING CYBERSECURITY..............34
By Theresa Lanowitz at AT&T Cybersecurity
PRODUCT REVIEW
R&S CLOUD PROTECTOR..............21
ALTARO OFFICE 365 BACKUP.......26
4 NETWORKcomputing NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

One Platform for
Digital Business
• Process
• Content
• Governance
Modern Architecture
• Developer-friendly
• Open
• Cloud-ready
Faster Time to Value
• Deploy
• Adopt
• Build
Learn more at alfresco.com | Contact us at info@alfresco.com
Alfresco EMEA: +44 (0) 1628 876 500 | Alfresco Americas: +1 888 317 3395
Alfresco Asia Pacific: +61 2 8607 8539

COMPANYNEWS
MARKET DYNAMICS: MAKING SENSE OF THE MARKET
IN A REGULAR LOOK AT RESULTS AND KEY BUSINESS ANNOUNCEMENTS FOR SUPPLIERS INTO THE
NETWORKING AND IT MARKET, NETWORK COMPUTING SUMMARISES THE EDITORS SELECTIONS
Artificial Intelligence company,
Adarga has upsized its Series A
fundraising to £7 million with an
additional £2 million investment from
Moore Strategic Ventures. Adarga help
companies to transform data intensive
human knowledge processes by analysing
vast volumes of data quickly and
accurately. Led by Allectus Capital with
additional funds coming from existing and
new investors, the proceeds will be used to
continue the expansion of Adarga's data
science and software engineering teams,
accelerate research & development, and
to execute the adarga_engine and
adarga_bench software platform rollout in
the UK and beyond.
For the ninth consecutive year Zscaler is
Leader in the Gartner Magic Quadrant
for Secure Web Gateways. Eleven
vendors were evaluated based on their
ability to execute and their completeness
of vision: Zscaler was most advanced in
both areas. The Zscaler platform,
claimed to be the world's largest cloud
security platform, processes more than
70 billion transactions and detects
approximately 100 million threats per day
across 185 countries.
Ribbon Communications has entered
into an agreement to acquire ECI Telecom
Group Ltd through a merger. ECI Telecom
is a global provider of end-to-end packetoptical
transport and SDN/NFV solutions
for service providers, enterprises and data
centre operators. Financed by 32.5 million
shares of Ribbon common stock and $324
million of cash, ECI stockholders will also
receive approximately $31 million from
the sale of real estate assets.
The combined business will create a
leading edge solutions provider with
anticipated combined annual revenue of
over $900 million, serving customers in
more than 140 countries, with 4,000
employees worldwide.
Container based security provider and
serverless and cloud native applications
company, Aqua Security has announced
its expansion into cloud security posture
management (CSPM) through its
acquisition of CloudSploit. CloudSploit's
SaaS-based platform allows customers to
monitor their public cloud accounts,
providing visibility to their entire estate of
cloud resources and reduce threats due to
misconfiguration and vulnerabilities.
CloudSploit automatically manages cloud
security risk and benchmarks against
industry standards to ensure compliance.
"We are excited to add CloudSploit to
our cloud-native security portfolio," said
Dror Davidoff, CEO at Aqua Security.
"Aqua protects the world's largest cloud
native environments. With CloudSploit our
customers can now continuously monitor
and manage their cloud security posture
across multi-cloud infrastructures."
Pure Storage has expanded its global
presence with the opening of a new
European Research & Development
Centre in Prague, Czech Republic,
marking further significant investment in
the EMEA region. Pure was founded with
innovation at its core and a customer-first
mindset, and this new EMEA hub is
designed to fuel innovation and
accelerate time-to-market.
The centre will be headed by Dan
Decasper, General Manager of Pure1, the
company's cloud-based software platform.
Commenting on the launch of the centre
Decasper said, "I'm thrilled that on our
10th anniversary we maintain the same
commitment to innovation that we had on
day one. We've experienced tremendous
growth and have always believed in
investing back into talent acquisition and
expansion.
Data connectivity aggregator FluidOne
headquartered in the UK has announced
its results for the year ending 31 March
2019. Their organic revenue increased by
11 per cent from £26.0m to £28.8m and
underlying EBITDA rose by 33 per cent to
£3.2m. Strategic investment by private
equity firm Livingbridge and a new tiered
debt facility provides FluidOne with M&A
funding options and is supported by
annual customer retention of 96 per cent.
The inaugural Global Networking Trends
report from Cisco claims that softwaredefined
networking is a mainstay of many
systems, and that key trends such as 5G,
security and multi-cloud are having big
impacts, while AI is helping to accelerate
the use of intent-based networks. Perhaps
slightly concerning, it concludes that
there's a long way to go for today's
networks to meet the demands of the
emerging digital era. NC
Disclaimer - all information published in this article is based upon fuller submissions provided under general release. Any interested party is urged to verify
any information printed here, prior to using it in any way. Neither Network Computing nor it publishers accepts any responsibility for the accuracy of the
information contained in this article.
6 NETWORKcomputing NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

NETWORKNEWS
NETWORK NEWS - MOVES, ADDS AND CHANGES
A REGULAR LOOK AT THE STORIES INVOLVING PEOPLE, COMPANIES AND SOLUTIONS
Accidentally sending an email to
the wrong person seems like an
innocent mistake, but it could
have substantial repercussions.
Commenting, Andrea Babbs, UK
General Manager at VIPRE says,
"Misaddressed emails have far-reaching
consequences that can seriously impact
an organisation, especially in highly regulated
industries such as healthcare and
finance"
This is an issue for most organisations,
and a risk that fails to get attention. In
fact the Information Commissioners
Office (ICO) has said that misaddressed
emails are the largest source of data
loss for organisations, underlining the
seriousness. Concluding, Babbs says,
"What is required is a tool that prompts
users for a double check of their email
based on set parameters, who it is being
sent to, the contents and attachments.
It's about increasing awareness and
improving email culture."
Misaddressed emails are an unattended
risk, meaning disaster recovery is not
far behind. According to a survey of IT
workers carried out by Probrand, UK
businesses are gambling with their business
continuity, as it seems that a quarter
of the companies surveyed do not
have any form of disaster recovery plan
in place. This is not the end of it
though, because of those workers that
say their employer does have a disaster
recovery plan, 54 per cent revealed that
it is not regularly tested, and a third that
their recovery plan has never actually
been tested during their employment.
Whatever your persuasion in the neverending
drama, most IT professionals
generally support the measures established
to protect data and the rights of
its subjects in the EU. And now the EU is
apparently turning its attention to AI,
which will certainly be one to watch. The
new European Commission President,
Ursula von der Leyen has called for the
EU to draft rules to regulate the use of
artificial intelligence. She has compared
this ambition to the introduction of the
EU's privacy law, the GDPR, and adds
that she wants to keep key technologies
in Europe to bolster the EU's technological
standing in the world.
Commenting on this, John Buyers,
Partner at international legal practice
Osborne Clarke says, "The challenges
with AI - specifically deep learning - are
its breadth of application across every
walk of life and the fact that it is not
always transparent or predictable.
Beyond high level ethical principles,
one-size-fits-all regulation sounds
attractive but the complexity of different
sectors will be difficult, if not impossible,
to boil down into a single overarching
law. Designing effective regulation is
challenging. The GDPR, for example, is
an uneasy bedfellow with AI, generating
significant compliance issues."
Following a long-term and sustained
effort by Switchshop to develop and
establish its technical expertise, Aruba
has recognised their effort and achievement
by granting them Platinum status.
Their Aruba focused services include
free technical pre-sales, onsite installation
with highly experienced engineers
and ongoing support from the highly
qualified service desk team.
Hertfordshire based Switchshop has also
invested in their customer demo lab with
Comware, ArubaOS, OS-CX, AOS8 and
Clearpass equipment available.
Lastly, when it comes to cybersecurity
the available budget is always an
important consideration, and can have
a direct impact on results. Apparently,
cybersecurity budgets are failing to keep
pace with the rise in cyber threats,
according to new research by ESET.
Half of IT decision-makers said that
their security budget won't increase
before at least 2021, with 18 per cent
expecting their budget to increase by
double-digits within the next two years,
while 28 per cent forecast single-digit
growth.
David Mole, Channel Director at ESET
says "The risk and potential cost of a
breach is higher than ever. Recent cases
such as British Airways and Marriott
International clearly show the damage" NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 7

PRODUCTNEWS
VERSION X
VERSION X
VERSION X
VERSION X
VER
WITH PRODUCT ANNOUNCEMENTS RANGING FROM THE TRIVIAL TO THE BIZARRE, THE EDITOR
DISTILS THE ESSENCE OF THOSE THAT ARE OF INTEREST TO THE NETWORKING COMMUNITY
Wringing your hands about the
ever-present insider threat won't
help the situation, and it is
without doubt an area of cybersecurity
that requires constant attention and regular
review. Vendors have their role to
play in this, and Code42 has recently
introduced some new capabilities
focused on departing employees that aim
to cut the time taken to detect and
respond to high risk file activity, while
improving visibility to corporate files that
are leaked to personal cloud and email
accounts using web browsers.
Commenting, Joe Payne, President and
CEO said, "Our new insider risk detection
capabilities deliver signal, not noise
through a focused and prescriptive
process so security teams can quickly
find the needle in the haystack… These
high-fidelity insights into data risk save
over-loaded security teams precious
investigation time."
Sticking with the insider threat, IAM
analytics software company idax has
launched a dynamic certification capability
to allow users to complete access
reviews with higher quality results. They
say that dynamic certification is an
improvement on the standard entitlement
review procedures where the task is completed
all at once over a short period of
time. Instead, reviews can now take
place without a fixed time frame, supporting
a more considered approach.
Mark Rodbert, CEO at idax claims that
"Reviewing access rights is one of those
tasks all managers dread. The traditional
approach is important in locking down
internal threats. However, doing the job
properly requires trawling through files,
looking at systems that staff access, and
deciding whether to approve or revoke
access. It is this that dynamic certification
addresses, saving time and money."
The simplicity of moving compute and
storage to the cloud is often overstated,
and the care, discipline and management
associated with premise-based
resources needs to be applied, if not
augmented. For this to be effective,
some intelligence and insight is required.
Sumo Logic, who provide what they
describe as continuous intelligence, have
extended the scope of their service to
AWS CloudTrail. This latest offering provides
security teams with valuable realtime
security intelligence to scale detection,
prioritisation, investigation and
workflow and prevent potentially harmful
service configurations that could lead to
a data breach.
It seems clear that the end of IPv4
address availability is a reality, but those
with spare one's may be able to benefit.
Network infrastructure solutions provider
Heficed has launched a solution in this
area which helps businesses and organisations
to monetise their IPv4 address
resources by listing them so that potential
lessees can select available IPv4 addresses
and lease them. Apparently, IPv4
addresses, originally a free resource,
have become a commodity and a strategic
asset for businesses as a single IPv4
address in the secondhand market can
now commands around twenty dollars.
CEO Vincentas Grinius adds that
"Organisations using our platform can
rest assured that their IPs will remain
clean. Preventing the abuse of IPs is our
priority and an abuse report system is
present and straightforward to use."
Multi-vendor hybrid SD-WAN networks
can quickly become complex and they
require some insight if maximum operational
benefit is to be derived. It is this
challenge that has inspired Infovista to
create its VistaInsight Service Assurance
solution. The company claims that
deploying this solution will reduce the
complexity of multi-vendor SD-WAN networks
with a single management interface,
increase operational efficiency by
monitoring in real time, and optimise
capex through prediction and optimisation
of network capacity.
Principal Analyst at Analysys Mason,
Anil Rao describes VistaInsight as "an
exciting offering for SD-WAN edge service
assurance, focused on correlating
underlay and overlay performances in
hybrid WAN networks."
Another company active in this space is
Aryaka, who have expanded their portfolio
of managed SD-WAN offerings, delivered
using its newly branded
SmartServices platform. They have introduced
four additional as-a-service offerings
that include network and application
acceleration, multi-cloud networking,
managed security and actionable insights.
Matt Carter, CEO at Aryaka said, "Our
patented SD-WAN architecture and our
8 NETWORKcomputing NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

PRODUCTNEWS
SION X
global network allow customers to benefit
from an integrated solution that delivers
the industry's best application performance
and then consolidate other box
vendors into an Aryaka solution for the
lowest possible TCO."
Crossword Cybersecurity has been outlining
what they claim to be a new
approach to machine learning-based
cybersecurity and fraud detection by
announcing a family of products called
Nixer CyberML. This new tool is apparently
ideal for businesses that want to
solve advanced security and cybercrime
problems, such as detecting and dealing
with compromised accounts, fraud and
in-application denial of service attacks.
With so many security and fraud problems
arising from within applications it
can prove difficult to detect externally.
Nixer CyberML allows development
teams to rapidly add machine learningbased
detection to online applications
(online banking, ecommerce systems,
ticket sites, critical business apps, etc.)
that can learn to accurately distinguish
between good and bad user behaviour.
Jan Broniowski, Nixer CyberML
Architect said, "By putting security closer
to the application layer, we create rich,
valuable context for algorithms and analytics.
We offer Nixer CyberML as Java
libraries through GitHub - a design decision
that provides control, explainability
and configurability to developers. Nixer
CyberML helps to merge the gap
between security analytics and software
development."
D-Link has announced a new range of
USB-C hubs and adapters which are
designed to give users flexible, ultraportable
ways to expand connectivity on
their computers and laptops. The DUB
Series of USB-C hubs and adapters are
compact, portable, and ready to use by
simply plugging into a laptop or PC's
USB-C port as well as iMac and
MacBook's Thunderbolt 3 port, instantly
expanding connectivity or display. It also
offers a range of wired internet connectivity,
quick file transfer and full resolution,
some without even having to compromise
on access to power, allowing
users to extend their connections according
to what they need.
Building on what it describes as the
tremendous demand for AV over IP, NET-
GEAR has launched some new switches.
The M4300 line of switches and the new
M4500 series 100 Gigabit Network
Switches have been added to the NET-
GEAR managed switch line and are purpose
built to streamline audiovisual
solutions over IP by reducing the complexity
and cost of networked deployments,
while at the same time remaining
equally applicable to standard IT network
deployments.
OT and IoT security company Nozomi
Networks has released a free tool -
Guardian Community Edition - to help
security and risk management teams
take the first step in expanding their risk
lens to include OT and IoT cybersecurity.
It makes use of the technology used
in their cybersecurity platform,
Guardian Community Edition, which
provides users with visibility into their
OT and IoT assets.
"Organisations across a spectrum of
industries are converging IT, OT and IoT
efforts to improve business processes,
deliver better customer experiences and
gain a competitive edge", comments
Nozomi Networks Co-founder and Chief
Product Office Andrea Carcano. He
adds that "Cybersecurity executives and
their teams are challenged to gain visibility
into these networks. But having
visibility is the first step to securing
them. We developed Guardian
Community Edition to give the community
a safe way to begin expanding their
security footprint."
Industrial IT solutions specialist
SolutionsPT has released Citect SCADA
2018 R2. It enables industrial process
organisations to increase efficiencies in
their operations by improving visualisation,
allowing them to monitor and control
their plants and equipment effectively.
Featuring an enhanced graphics
builder, Citect R2 supports Graphics
Browsing in Citect Studio, letting engineers
create virtual representations of
their plant environments which can be
controlled digitally, enabling access to
different SCADA.
Citect Product Manager Anne Fletcher
said, "With its new, enhanced capabilities,
Citect R2 is a significant development
for engineers and manufacturers
which will help them take the next step
in their digitalisation journey with minimum
disruption." NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 9

FEATURECLOUD
A POLICY TO INCLUDE THE CLOUD
AS IT SYSTEMS BECOMES MORE HYBRID, THE
USE AND MANAGEMENT OF POLICY GROWS
EVER MORE COMPLICATED. TIM SEDLACK,
DIRECTOR OF PRODUCT MANAGEMENT AT
MICRO FOCUS SUGGESTS CAREFUL
REASSESSMENT
IT complexity is increasing, and as a result
most IT departments are struggling to
maintain their security and a consistent
configuration. Yet implementing processes to
cope with this complex IT environment can
introduce roadblocks and impede
organisations from getting business done. As
organisations migrate to the cloud and
implement hybrid IT strategies, users may
engage in practices that stray outside of
existing policy by creating, for instance,
accounts to provide contractors with access to
resources. Managing policy in this complex
environment needs some attention.
THE POLICY TOOL
Policy is a vital tool and it enables IT to maintain
a tighter set of controls. Whether using
Microsoft's Group Policy (based in Active
Directory) to design security controls and
configurations that are applied across users and
devices, or automating configuration in the
UNIX and Linux world (through scripting, Puppet
or Chef), IT departments are turning to policy.
While Group Policy is widely used to set and
maintain security, it's largely limited to
Windows users and devices. However, other
silos of IT resources (such as those migrating
to SaaS, PaaS, and IaaS based solutions) have
recognised that policy-based security and
configuration seems to solve a myriad of
problems. As a result, they've adapted
bespoke methods to manage by policy, which
is a good development.
THE POLICY DEFINITION
Declaring a policy that can be validated and
enforced simplifies management, but is there
a standard way to define policy? As you can
imagine, there's unique policy for each silo,
and very little agreement around terms or
execution. This lack of common
understanding on how policy should be set in
order to meet a company's internal policies or
external regulatory compliance is a challenge.
Consider passwords: one common setting is
Complexity, but how is this defined?
Determining compliance requirements around
the term Complexity can be a guessing game,
but the real challenge comes when security
teams or compliance officers try to dictate
password Complexity across policy silos. The
most common virtualisation technology is
heavily invested in a policy-based approach to
management, but refers to password
complexity as Quality, combining several
password metrics. Clearly, mapping
Complexity to Quality may not be simple. A
compliance officer or CISO needs to make
certain that policy is set similarly across all
silos, regardless of these semantics.
THE POLICY MANAGEMENT
Coordinating both the experts and the
expertise in order to validate and report on
compliance can be tricky. Even where
terminology and interpretation differs,
businesses must still prove compliance with
internal policy and external regulation, and
even when not beholden to complicated
regulations like GDPR or PCI-DSS,
organisations must still be responsive to
security and privacy concerns.
Change is almost constant today, yet any
change demands that policy reflects new
applications and services, once again relying
on experts to understand and interpret for their
area of expertise. Sadly, policy changes across
silos are often implemented in a haphazard
fashion, creating an ugly mess.
A COMPREHENSIVE APPROACH
Today, organisations must take steps to
understand where and how they are
managing by policy, across all on-premise
and cloud based services. A key step is
cataloguing expertise, including people,
processes and policy settings. As policy
frameworks advance, automation will assist
and further ease the burden of policy silos
in future.
Don't shy away from policies: they solve
more problems than they create. The ideal
solution would centralise policy, normalise all
terms and implementation and enforce a
common policy across the organisation,
regardless of where the silos exist. This would
allow the organisation to report on
compliance quickly and simply, and at the
same time ensure that auditors get exactly
what they need as proof of the organisation's
compliance. NC
10 NETWORKcomputing NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

FEATURECLOUD
SECURING THE CYBER WORKFORCE
CLOUD BASED SERVICES CAN BE THE SOURCE
OF QUALITY SOLUTIONS TO SOME OF THE
SECURITY CHALLENGES POSED BY CLOUD
ADOPTION. STUART SHARP, VP OF SOLUTION
ENGINEERING AT ONELOGIN PROVIDES AN
OVERVIEW
Remote working, once a hindrance
and an organisational nightmare,
has now become a norm within
workplace culture. According to the
Office of National Statistics (ONS), by
2020, 50 per cent of the UK workforce is
expected to be working remotely, begging
the question 'do we still need traditional
office space?'
According to recent research on the
distributed, diverse workforce of the
future, 97 per cent of CIOs said that their
workplaces will be widely dispersed across
geographies and time zones in the future,
with part-time employees, contractors and
contingent workers playing a bigger role
in businesses.
REMOTE CHALLENGE
Despite the successes of remote working,
many challenges are being overlooked,
such as how to maintain a secure and safe
environment for remote workers accessing
sensitive data. According to a report by
Hiscox, cyber-attacks are costing the
average small UK business £25,700 a
year in basic clear-up costs. As a result, it
can be a colossal challenge for IT
departments to ensure that users logging
in remotely can do so securely.
It's important to understand the threat.
With 80 per cent of security breaches
involving the abuse and misuse of
privileged credentials, the threat is
passwords. Everyone is raising the alarm
about weak passwords and encouraging
the use of more complex derivatives as an
easy form of defence. However, complex
passwords can often cause more havoc
than simple ones. A single user may have
anywhere from 20 to 200 passwords,
accessing secure information from
multiple devices including laptops and
smartphones.
SINGULARLY SECURE
To support everyone working remotely, we
need to ensure that each user is logging
on to company networks safely and
securely. One solution is to implement a
single sign-on (SSO) system that integrates
multifactor authentication (MFA). SSO lets
users securely authenticate with multiple
applications and websites by logging in
once, using just one set of credentials.
With SSO, the applications or websites
user's access will rely on a trusted third
party to verify that the user is who they say
they are. MFA, on the other hand, is a
security system that verifies a user's identity
by requiring multiple credentials. Rather
than just asking for a username and
password, MFA requires additional
credentials, such as a one-time code from
the user's smartphone, a fingerprint, or
facial recognition.
PROTECTING DATA AND USER
Every time a user logs into a new
application or machine represents an
opportunity for cybercriminals. To be on
the defensive, companies should have an
authentication strategy in place to protect
both data and end-users. In addition,
organisations should ensure that their
authentication solution of choice can
adapt to meet new and advanced types of
attacks from cybercriminals.
The removal of passwords is a
compelling objective for everyone in the
cybersecurity industry; unfortunately,
passwordless authentication is not
supported by most applications. Only
companies that have deployed a modern
cloud-based identity solution can make the
passwordless future a reality today. In the
meantime, implementing secure secondary
forms of authentication means that many
cyber-attacks can be prevented.
It is expected that the workforce will only
become more distributed and diverse as
time passes, with remote working set to
become the norm for most organisations.
While the traditional office space is still
thriving, it is without doubt on the decline.
With security high on the agenda, it is the
responsibility of organisations to ensure
that their employees - wherever they may
reside in the world - are accessing files
safely and securely, as we move into a new
realm of remote working. Digital
transformation is the cornerstone of what
drives the technological revolution.
However, if we don't take security concerns
into account, we are only doing our
organisations a disservice. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 11

FEATURECLOUD
SECURE EDGE TO EDGE
HOPEFUL ASSUMPTIONS THAT CLOUD PROVIDERS WILL SECURE
DATA ARE MISPLACED. ARON BRAND, CTO AT CTERA, OFFERS
SOME INSIGHT TO HELP CLOUD-DRIVEN ORGANISATIONS
ENSURE THEIR END-TO-END SECURITY
The adoption of cloud-based data
storage has skyrocketed, but
alongside the many advantages of
cloud, data security is now the most
significant concern for cloud-driven
organisations, a concern that is amplified
by frequently reported data loss events and
ransomware attacks. In order to successfully
defend a cloud estate there are some vital
steps that, if implemented well, will prepare
an organisation for all eventualities.
INSIDER RISK
We often consider external threats as the
most dangerous for cloud held data, but
cloud security risks most often start inside
the organisation. The weakest link in the IT
security chain is the user. A simple,
unsuspecting click can download an email
attachment infected with malware or send
confidential information into the hands of
criminals. Other user errors take the form of
'leaky cloud buckets', where data becomes
exposed due to configuration mistakes
made when defining object storage buckets
on AWS, Azure, or other cloud providers.
Vulnerabilities also occur when shared
services offered by cloud solutions fail to
provide the necessary security between
edge clients and the cloud. And, while not
pleasant to consider, there is also the
malicious insider or departing employee
with a grudge, intent on inflicting harm on
the organisation.
THE SECURE CHAIN
For modern cloud-driven enterprise
environments, end-to-end security is
essential to defend against these
weaknesses. Data must be protected at the
edge (where it is created), in transit (over
the network), and in the cloud (where it is
stored). Considering the following advice
will help an organisation to assess the
security of its cloud infrastructure.
PRIVATE AND SECURE
It is best to keep data management and file
services private, always performing them
inside the firewall. This can be on-premise
or with virtual private clouds on public
cloud infrastructure. With this in place,
secure the perimeter by ensuring that all
devices are up to date with the latest
patches and software updates.
Cyber awareness training for employees
will really help to strengthening your
perimeter. In addition, Enterprise Mobility
Management (EMM) tools should be used
to ensure that corporate-provided and
BYOD devices can be used securely and
productively, thereby eliminating shadow
IT. And don't forget that Data Loss
Prevention (DLP) software can monitor
data-access patterns, find deviations and
detect data leakage.
It's essential to make sure that end-to-end
encryption exists, especially when data
moves outside of the firewall. Source-based
encryption will secure data before it leaves
devices, offices and servers. Keys should be
generated and managed internally by
trusted individuals and separate from any
third-party service to ensure total data
privacy. This type of end-to-end encryption
ensures that in the event of a breach the
data is undecipherable.
PERMISSION, BACK-UP AND TEST
An effective system that carefully controls
access permissions is vital. It guarantees that
users are who they say they are and that
they have only the appropriate access to
data required for their role - remember that
this will change. A multi-layer access control
system is the most comprehensive way to
preserve permissions and connect them to
central directory authentication systems.
Creating data recovery points using smart
data control and protection will reduce
recovery point exposure from days to hours
or minutes. An effective solution will store
unlimited versions of files as they are
updated. And don't forget back-up: ensure
that all backed-up data is physically
separated from the main dataset and
resides in a read-only repository.
Lastly, performing regular penetration tests
helps to expose any weak points. This is
highly recommended following
infrastructure changes, where risk can be
inadvertently introduced.
End-to-end security is essential in cloud
deployments, and it is only available to
those that understand the risk and wilfully
take the right steps. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 13

OPINION
CONNECTED CLOUD
THOSE THAT VIEW DATA REGULATION AS A LIMITING FACTOR MAY
HAVE MISSED THE POINT. RICHARD PETLEY, VP OF TECHNOLOGY
AT ORACLE UK & IRELAND DISCUSSES COMPLIANCE AND THE
AWESOME DATA ECONOMY OPPORTUNITY
As far back as 2011, the visionary
Sir Tim Berners-Lee said that data
was the new raw material of the
21st century. Those words now strongly
resonate as the economics of industry
give way to those of insight and
intelligence.
Organisations readily recognise the
value of data as real and justified. Datarich
companies are being bought, not for
what they can do, but for what they
know. As a precious commodity, data is
valuable and tradable, and it must be
carefully appropriately and adequately
protected.
REGULATION: ON THE RISE
Rising regulation is a standard approach
for traditional business assets, which are
carefully audited, recorded and
regulated. Increasingly, a similar
approach to data is taking place, again
confirming its value. As its use increases,
it is becoming subject to much more
stringent control and standards.
More than ever before, governments are
making their presence felt. Rightly or
wrongly, many regulatory authorities take
an active interest in how organisations
approach their digital security, especially
where it pertains to citizen and consumer
data. Legacy privacy regulations,
originally designed for an analogue
world, are being rapidly modernised or
supplanted by new legal frameworks that
are more attuned to our digital world.
EUROPE LEADS
Europe has long proved to be a strong
performer in the realm of data security.
The European Union's General Data
Protection Regulation (GDPR) was among
the first pieces of legislation to enforce the
data rights of citizens and impose heavy
penalties on organisations failing to
comply. And yet, since the regulation came
into effect, there has only been more
change and progress.
While GDPR's introduction hasn't
produced the wave of fines many had
expected, the regulation certainly has
teeth. Local authorities have grown bolder
in exercising the powers granted them
under the regulation. This year in the UK,
the ICO announced fines of nearly £300
million against British Airways and the
Marriott hotel group for breaching the
data protection law.
In holding organisations responsible for
the customer data they keep, GDPR
heightens the importance of a robust
security posture. This is increasingly
important as the threat from cyber-attack
increases; at the beginning of April,
Deutsche Telekom had recorded 46 million
individual attacks on its digital traps,
marking a new record for the continent.
European organisations are responding
however. The adoption of innovative new
technologies, such as the Internet of Things
(IoT) is driving a corresponding uptick in
the number of European companies
moving towards security solutions that
positively impact the region's cybersecurity
resilience. As a result, the European
cybersecurity market is expected to grow to
40 billion euros by the end of 2023.
DATA ECONOMY: OPPORTUNITY
GDPR and other similar regulations show
the extent to which the data economy has
evolved. It is a timely piece of regulation
and acknowledges that data is moving
faster, further and more freely than ever
before. Data provides the ability to gain
insight and it is this that businesses must
now capitalise upon.
This opportunity is also being opened up
by the greater maturity and sophistication
of cloud at the infrastructure, platform and
software levels. The ability to collate and
analyse data at incredible volumes and
speed has been fuelled by the
pervasiveness of cloud technology and its
ability to connect once disparate systems,
processes and data silos using common,
secure platforms.
It is no coincidence the value of data has
risen exponentially with the wider end-toend
adoption of cloud technologies. If
data is the raw material that will drive the
businesses and innovations of the future,
then a connected cloud is the means of
extracting and fully exploring the potential
and true value of this raw material. NC
14 NETWORKcomputing NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

FEATURESECURITY MANAGEMENT
SECURITY & MANAGEMENT: NET EFFECT
THERE IS NO SHORTAGE OF NETWORK DATA TO SECURE AND
MANAGE NETWORKS. BUT, AS JAMES BARRETT OF ENDACE
DEMONSTRATES, ACCESSING USEFUL NETWORK DATA AT THE
RIGHT TIME HAS TRADITIONALLY BEEN A CHALLENGE
The fundamental prerequisite for
successfully protecting networks and
applications against cyber-attacks and
performance problems is sufficient visibility
of all network activity. However, despite
deploying numerous security and
performance monitoring tools and collecting
data from multiple sources, organisations
seem to lack this network visibility, and
consequently, the agility to respond to
network security threats and performance
problems in near real-time.
Some recent research we carried out found
that 90 per cent of the large enterprises
surveyed reported 'insufficient visibility into
network activity to be certain about what is
happening' and 88 per cent were concerned
about their ability to 'resolve security and
performance problems quickly and
accurately'.
VISIBILITY AND AGILITY
Unsurprisingly, SecOps and NetOps are
overwhelmed by the volume of collected
data. Often the data exists in silos and lacks
useful context, meaning that organisations
don't have the definitive evidence they need
to be certain about events. As a result,
investigations are slow, resource-intensive
and often inconclusive, as analysts struggle
to assemble a clear picture of events, using
multiple and disparate data sources.
To address this it's essential to ensure that
the right data is being collected, and then to
integrate it all into actionable information.
Network metadata provides good visibility
into real-time network activity while also
providing insight into trends. Its compactness
means that it's possible to store months or
years of history, which is ideal for analysis
THE FULL PACKET
While metadata is incredibly useful it clearly
doesn't contain the packet payload data that
SecOps and NetOps need as definitive
forensic evidence. Here, organisations will
require full packet data.
Collecting both forms offers NetOps and
SecOps the information they need to quickly
investigate threats and performance
problems, coupled where necessary with the
ability to drill into definitive packet-level
evidence to see exactly what happened,
allowing them to refine their response.
ARCHITECTING SECURITY AND
PERFORMANCE
As well as a lack of visibility, organisations
reported other issues. 88 per cent struggle to
'deploy new capabilities at the rate the
business or IT requires' and 80 per cent don't
have 'enough of the right tools in the right
places' with 73 per cent lacking flexibility,
'forced to keep obsolete tools, locked into
specific vendors or can't choose best-ofbreed
solutions'.
Underlying these issues is the fact that
deploying network security and performance
monitoring solutions often requires
deploying hardware-based appliances.
These appliances are expensive, slow to
deploy, costly to maintain and difficult to
change out.
As a result, budgets are consumed by costly
CAPEX investment, leaving SecOps and
NetOps with insufficient budget to deploy
enough network tools in enough places to
avoid blind spots. And once solutions are
deployed, they often remain in place well
after becoming obsolete, as changing them
out is too expensive and difficult.
Solving this means adopting a new
approach to the way network security and
performance solutions are delivered.
Virtualising the enterprise data centre
resulted in massive economies of scale, costsavings,
flexibility and agility for IT
operations. A similar approach is required
for the network.
VIRTUALISATION BENEFITS
As network security, network monitoring, and
application monitoring vendors increasingly
offer software versions of their solutions,
virtualising network monitoring has rapidly
become an achievable objective.
Deploying an underlying hardware
architecture that can perform all the
necessary common network functions allows
security and performance analytics as well
as SecOps and NetOps teams to share the
same hardware infrastructure.
Virtualising network security and
performance monitoring functionality offers
the same benefits for NetOps and SecOps
as data centre virtualisation delivered for IT
teams. These include reduced cost, hugely
improved flexibility and agility, combined
with the ability to change functionality easily
in the future as the network grows and the
threat landscape evolves, thereby making
network blind spots a thing of the past. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 15

FEATURETHE IT OUTAGE
SYSTEM DOWN
ARE WE MORE OR LESS
TOLERANT CONCERNING
SYSTEM DOWNTIME? PETER
GROUCUTT, MANAGING
DIRECTOR AT DATABARRACKS
PROVIDES SOME ANALYSIS
It's hard to know if downtime has suddenly
become more common or if we just hear
about it more. In business continuity and
risk management we talk about likelihood
and impact, and they are two of the critical
components to be considered.
When you create a Risk Register, you
assign a score to your own perceived
risks and this helps to define what needs
to be addressed first: it sets priorities.
However, we need to understand if
generally outages are becoming more
likely, or whether it is an increase in their
impact that is pushing IT outages into the
headlines. I think it is probably a
combination of both.
TECH DEPENDENCY
The impact of IT downtime has increased
as businesses have progressed through
their digital transformation initiatives. In
the past, if IT systems went offline, staff
could do other work. Now IT is so central
to operations that there are fewer manual
processes for them to revert to.
IT downtime is also more visible, and in
this respect, the expectation of customers
has changed dramatically. The outages
themselves haven't necessarily changed
but the perception certainly has. Even a
brief outage now draws complaints,
criticism and social media attention.
DOWNTIME AND CYBER THREATS
For over ten years we have carried out an
annual survey to track the causes of data
loss and IT downtime. Hardware failure and
human error top the list each year as the
most common causes of downtime, but there
is no trend to suggest this is either improving
or getting worse. The one factor that has
shown an increase as a cause of both data
loss and downtime is the cyber threat.
The response to non-cyber issues is
simply to recover using your most recent
backup. It's rarely as easy for cyber issues
though, and ransomware for instance may
be present in your backups. Recovering
from ransomware therefore requires you to
carry out several historical recoveries to
find the most recent clean backup. Other
cyber-attacks might force you to take
systems offline to prevent the spread of
malware, minimise exposure and prevent
further hacks. In each case these extra
steps take time and extend that difficult
period of IT downtime.
REDUCE IT OUTAGE
Review your response strategy: outright
prevention of a cyber-attack is impossible,
but the focus should be on how the
organisation acts if compromised. Your
Incident Response Team (IRT) must have the
authority to make large-scale operational
decisions to take systems offline to limit the
spread of infection. Once the threat has
been isolated and contained, you must
establish when the initial attack occurred to
be able to restore using clean data.
Crisis communications plan: Good
recovery isn't just about technology; it's
also about managing the situation. For
example, Norsk Hydro recently suffered a
ransomware attack providing us all with a
masterclass in crisis communications with
regular, honest and transparent updates.
We can learn a lot from this.
Assess cloud risks: We should recognise
that our IT is actually far more resilient
than it was 10 or 15 years ago, with entire
IT estates hosted from a single server room
or data centre. Most organisations now
operate a hybrid cloud to some extent. This
could include AWS and Azure or might just
be a few tactical SaaS applications that
reduces risk. An incident is unlikely to
affect disparate IT.
However, disparate IT makes protecting
data more difficult, residing as it does in
multiple locations. Protecting cloud data
needs a different approach, and It's best
not to rely entirely on in-built data
protection options. Make your own backups
of cloud data and store them separately
from the production environment to another
cloud or in your data centre. NC
16 NETWORKcomputing NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION
TOMORROW'S ISV
THE IT AND NETWORKING SUPPLY
CHAIN NEEDS TO CHANGE.
SCOTT MURPHY, DIRECTOR OF
CLOUD AND ADVANCED
SOLUTIONS AT INGRAM MICRO
BELIEVES THAT INDEPENDENT
SERVICE VENDORS MUST EVOLVE
TO SURVIVE
It seems to me that everyone wants a
piece of the technology landscape. Not
only is it becoming more crowded, but
those within the space are becoming savvier
and more competitive.
Mergers and acquisitions are adding an
additional layer of complexity, with small to
medium sized businesses (SMBs) being
acquired to complement existing product
offerings. Start-ups are popping up across
the board, offering specialised software
development that addresses itself to diverse
and niche business challenges.. For
independent software vendors (ISVs), being
heard above the noise and frenzy has never
been more difficult.
To stand out, providers need to be willing
to step back and evaluate how they are
approaching their offer, adapt to the needs
of the channel, and think far into the future.
MARKET DETERMINED
Disruption is playing a big part in everything
from the technology being used to the
demands of the end-users and how their
services are being delivered. This means that
organisations need software solutions that not
only help them today, but which can keep
pace with what the future market requires.
To do this, ISVs need to be actively looking
beyond their existing selling points,
engaging with customers and adapting to
their changing needs. Essentially, an ISVs
offering should be determined by the
market and not the other way around.
Looking beyond the product also means
supporting customers once it's in place and
operational. Fast and consistent technical
support, the offer of training where needed
and a generally smooth customer experience
can help to deliver significant benefits to the
customer. It will also allow ISVs to stand out
from the crowd.
When facing challenges with a go-tomarket
strategy, the cloud service provider
is best placed to support and enable the
right opportunities for ISVs to grow in the
channel. Fast track programmes ensure that
ISVs are swiftly onboarded with tailored
business enablement.
MAKING THE MOST OF IT
Embracing the channel and the opportunities
it offers for ISVs can be daunting as changes
are often required, both operationally and
philosophically. Most importantly, ISVs need
to embrace a channel-first mentality and
make the most of it. It can often be easier to
try to retrofit processes and systems to meet
the needs of the channel, but instead
organisations need to ensure they are
meeting the channel's needs first.
The choice of collaborative tools is another
consideration, and having alternative
relationship management or email
marketing platforms in place will help to
promote joint campaigns with external
partners. Ultimately, it's about playing nice
and seeing your business as one piece in the
puzzle, rather than operating in glorious
isolation. This is not something that will
happen overnight, but with the right
commitment across the organisation,
including explaining to sales teams how it
will help and working with marketing to
evaluate messaging, it can be a real
differentiator for ISVs.
BUILDING FOR TOMORROW
The software world is evolving at a
breakneck pace, with as-a-service offerings
changing what can be achieved and
expected on smaller budgets. It can be easy
to focus on the next 12 months, ensuring
that you are leading today, but ignoring
longer-term trends will negatively impact the
future of your business.
Keeping the channel and end customers
happy has never been easy, and with the
number of new vendors and service offerings
it's harder than ever to stand out. Success
depends on truly making the effort to
understand what people want, then having
the confidence to adapt your product and
strategy to meet it.
ISVs should not feel on their own though
when trying to tackle these challenges.
Working with a strategic partner can help
them take a step back and evaluate exactly
what they need to do to succeed. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 17

OPINION
THE SMALL APPROACH TO BIG
EVERYONE IS TALKING ABOUT MICROSERVICES AND THEIR
IMPRESSIVE OPERATIONAL BENEFITS. PAUL DURZAN, SENIOR VP
OF PRODUCT MANAGEMENT AT ENSONO DISCUSSES THIS FAST-
GROWING ARCHITECTURAL STYLE
With the high-velocity of everincreasing
customer expectations,
technology is a strategic
advantage, helping organisations to move
fast, innovate and beat the competition.
Microservices has become an important
component, and research shows it's now the
dominant software development system,
with 76 per cent of respondents considering
microservices to be a high or critical
priority. And yet it seems that far fewer have
it on their agenda…
THE MICRO APPROACH
Microservices is a software development
technique and is in juxtaposition to the old
monolithic approach where applications
were often segmented into three parts: a
client-side user-interface, a database, and a
server-side application. In this monolithic
structure, customers came through the userinterface.
The server-side application would
handle the requests and would execute
logic, all depending on the database.
Placing all functionality into a single
process wasn't a bad way of working, but it
had drawbacks. Since application layers
were glued tightly together, updating and
changing architecture was fraught with
difficulty. For example, the whole
application would have to be redeployed
even for a very small update, and whatever
was written was not easily usable by other
applications. Finally, because all parts were
dependent on each other, changes had to
be extensively tested. All this meant
application releases were slow and
infrequent, often annual.
SMALL, LOOSELY COUPLED
Microservices addresses this by breaking up
applications into smaller, loosely coupled
and independently deployable services.
These suites of small services are each
designed around different, very specific
capabilities. They can be scaled and
replicated as needed in other applications,
and they can be updated independently of
other parts of the application
Deployed correctly, microservices offer
significant agility and flexibility when
developing and changing applications.
Forrester research shows that many
organisations struggle with lengthy
deployment cycles and are not meeting their
delivery dates. Unlike monolithic
applications microservices can, if needed,
be updated multiple times daily.
IMPLEMENTING MICROSERVICES
To implement successfully it is best to avoid
mixing microservices with monolith
architecture. The microservices approach is
successful because applications are loosely
coupled and can be redeployed and
replicated easily, so don't lose sight of this.
Let each service perform its function and
develop each service to fulfil that function
exceptionally well. Don't create strong
dependencies and don't add unnecessary
complexity to services that are performing
well. Most importantly, don't start with a
monolith and then expect to be able to
easily carve it up later on.
Efficient planning will be rewarded and
optimise development: you will need to start
by building a microservices oriented
development platform. Establishing how to
appropriately deploy, secure, and update
services before committing to the initial
development cycle is equally important. It
will prevent problems and complexity
accumulating and causing late development
cycles. Managing everything well requires
careful attention. Microservices can make
testing and debugging more difficult, so a
centralised logging and monitoring system
that developers can easily check and refer to
is essential.
For maximum advantage I would
recommend combining microservices with
CI and CD. Continuous integration and
continuous delivery complement
microservices architectures and allow
services to scale efficiently.
Microservices architecture provides a level
of flexibility in terms of picking the best
language for the task at hand, but there will
also be niche compatibility and performance
issues to consider, so be conscious of any
language constraints and think ahead.
Organising the team will require some
thought as well, and creating smaller teams
that have the skills and competencies to
successfully deliver and maintain the
services they focus on is essential. It
provides developers with a better
understanding of the code they produce and
its operational performance. Deployments
will become seamless as teams work
together to improve the code and the
automation of the release pipeline. NC
18 NETWORKcomputing NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

TECHNOLOGYUPDATE
MANUFACTURING LINUX CONTAINERS
VIRTUALISED OPERATING SYSTEMS ARE GAINING
GROUND AND SOLVING REAL-WORLD IT
PROBLEMS. FLORIAN FROSCHERMEIER, TECHNICAL
SALES MANAGER AT INSYS, EXPLAINS HOW
MANUFACTURERS ARE USING LINUX CONTAINERS
TO TRANSFORM THEIR APPLICATIONS
Linux containers have become the
chief method across manufacturing
applications for providing small, selfcontained
programs that add extra
functionality to hardware. And now, with
the advent of Internet of Things (IoT)
gateways, such applications are set to
multiply.
To be clear, Linux containers (LXC) are
an operating system (OS) level
virtualisation method that allows for
multiple isolated Linux systems to run on
the single Linux kernel of a control host.
This means that these programs are
isolated in individual user-spaces and
operate directly at the OS level. As the
containers are self-contained, lightweight
and hold very few components, they can
be a powerful tool for adding
applications to a system without worrying
about any dependency errors.
THE GATEWAY PORT
Developers can use containers to
package an application with the
libraries, dependencies and other files
that it needs to operate, without the host
needing to install any extra assets. As
the programs are self-contained, they
can be ported to different Linux
environments regardless of
configuration, which allows developers
to work any place and any time.
IoT gateways are becoming increasingly
vital for manufacturers that are
embracing IoT systems. Smart IoT
gateways are the converters that marry IT
and OT systems without confusing the
two. They are multi-platform devices that
receive the output from OT devices and
seamlessly connect this information to
cloud, SCADA and remote access
systems.
GATED DATA
For example, a business may have a
third-party maintenance team for
machinery, for which industrial data is
being recorded. In this case, a smart IoT
gateway can process the data before it is
sent, to ensure that only maintenance
data is sent to the third-party, regardless
of whether their system is hosted on
cloud or the data is being accessed by
VPN or a SCADA system.
A smart IoT gateway must be able to
collect, provide and process data,
monitor machines and run control tasks
on the edge for both new and legacy
machines. For these reasons, IoT
gateways are the perfect place to use
Linux containers to enhance data
management and control systems.
By ensuring smart IoT gateways have
systems that can run LXC programs, endusers
are able to generate bespoke
applications to modify gateways to
ensure that the functionality they need is
available. By having bespoke
applications, organisations can easily
keep the edge application permanently
up to date with the IoT backend.
PROTECT THE IP
They are also proving especially popular
with small enterprise applications that are
beginning to implement digitalisation, as
well as remote installations that require
high levels of automation to maintain or
reduce costs. It also means that businesses
are able to maintain IP rights over the
applications they generate.
For example, Swiss STEBATEC AG
provides its customers with the latest plant
technology for precise flow measurement
and optimum sewerage control. However,
its system relied on a 2G system that was
about to be shut down. By using a smart
gateway it was able to install LXC's that
allowed the system to send meter data in
.csv formats and implement an alarm
system that could communicate faults by
SMS, email and Modbus.
This allowed the analytics provider to
ensure data collection in a widely used
format and consolidate systems and
reduce costs for both themselves and their
customers. Installing smart IoT gateways is
the next step for businesses using IoT to
gain an edge in the current market.
Using these news tools in tandem with
container software such as LXCs is proving
to be an incredibly strong and versatile tool
for developers and end-users. They have
the potential to extend the use of legacy
systems and give old pieces of technology
new functions. Their use provides a
gateway to continuous development. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 19

OPINION
GDPR SO FAR
IT'S BEEN OVER A YEAR NOW
AND, FOR BETTER OR WORSE,
WE ARE STUCK WITH GDPR. BUT
HOW HAS IT REALLY
PERFORMED? TODD PETERSON,
IAM EVANGELIST AT ONE
IDENTITY OFFERS SOME
INSIGHT AND CONTEXT TO
THIS THORNY QUESTION
Recently we asked over three hundred
people their opinions of some
cybersecurity topics, including GDPR.
With Infosecurity Europe taking place just
over a year after the implementation of GDPR
it represented the perfect setting to get the
point of view. Nearly one-third of respondents
have found GDPR ineffective, adding that the
number of data breaches has increased since
the regulation was introduced in May 2018.
Their answers made me question whether
GDPR is working, has made things worse, or
has actually proved to be irrelevant. The truth
may be a little of each.
MISPLACED PREVENTION
The fundamental problem with GDPR isn't in
the regulation itself, its requirements or the
penalties it boasts, it is though one of
perception. GDPR is meant to protect EU
citizens' personal information from unwanted
sharing, distribution or use. As such, every
aspect of GDPR is centred on holding
organisations accountable for how they
collect store and use data. Security is a part
of that mandate but it is not the purpose of
the mandate. So, at the end of the day, it
would appear that GDPR is a failure when it
comes to preventing breaches - but that's not
what it was designed for.
Therefore, if someone's preconceived notion
of GDPR is focused on breach prevention
they will be disappointed regarding its
effectiveness. However, if the focus is on
protecting personal data, enforcing
accountability and protocol on the part of
organisations and seriously punishing those
that disregard it, then the only conclusion that
can be made is that GDPR has been a
resounding success. Most organisations now
have entire programmes in place to ensure
that their activities are GDPR compliant.
Often those efforts focus on security to help
achieve compliance.
DRIVING COMPLIANCE
Preventing bad actors from obtaining any
protected data is essential to upholding
compliance. However, GDPR provides very
little guidance on exactly what security
measures should be implemented. Instead,
the responsibility lies with each organisation
and the measures they choose to take.
Consequently, some great security practices
may not necessarily be GDPR compliant. For
example, user awareness isn't specifically
identified as a requirement for compliance,
but it is a worthwhile exercise from a
business risk perspective. Conversely, some
GDPR compliant efforts may not help security
best practice.
OVERSIGHT DRIVEN
At the fundamental level, if GDPR has raised
awareness and motivated action around
security, even if that isn't its primary purpose,
then it has done at least some of its job.
Remember, GDPR was never meant to protect
the data against hacks, and the feeling that
data breaches have increased in number and
size since its introduction is partly due to the
fact that many data leaks that would
otherwise go unnoticed, must now be
reported to a regulatory body with strong
oversight. At the very least it has made
organisations accountable and brought the
security of personal data to the fore with
management, whose main priorities have,
typically, been the bottom line.
With data protection receiving so much
attention in the last eighteen months, some
organisations may have scrambled to buy
and struggled to implement the latest and
greatest technology. However, the basics of
security, ensuring that the right people have
the right access to the right resources -
particularly regarding privileged access -
including personal data, in a controlled and
structure way, have not changed. That said,
an organisation must be able to prove that
all of this is in place through proper data
and information governance, and that it can
and will satisfy almost all security
requirements, including those misperceived
requirements of GDPR.
To conclude, GDPR only failed if you tried to
force a privacy round peg into the security
square hole. NC
20 NETWORKcomputing NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

PRODUCTREVIEW
R&S Cloud Protector
from Rohde &
Schwarz
Cybersecurity
PRODUCT REVIEW
PRODUCT
REVIEWPRODUCT RE
The case for website and web application
protection is well established, but it's time
for review. Rapid cloud adoption means
that most organisations rely on web-based
applications for mission critical services, while
all the time malevolent actors evolve their
capability. In addition mounting legislation
promises significant penalties when data is lost
or compromised. Setting up a Web
Application Firewall (WAF) on-premise and
leaving it to do its work is inadequate.
Organisations need to engage and refresh
their posture.
The cloud-based R&S Cloud Protector
service from Rohde & Schwarz Cybersecurity
eliminates hardware and improves access
and performance. The cloud-native WAF asa-service
will liberate customers to focus on
their business.
Licensing is premised on the amount of data
handled, starting at 20 megabytes per second.
This can be monitored from the Dashboard,
where you can select the most appropriate
band. Data peaks will not incur extra costs.
Setup is quick and a DNS forward establishes
a credible layer of default protection and APIs
can quickly set up large numbers of URLs. The
Portal opens with Dashboard, Performance,
Security, Account, Settings and Alerts: each
has a rich drop-down list to intuitively
navigate. Next we selected a security level
from Standard, Advanced and High. This
essentially balances security, performance and
false positives. R&S Cloud Protector can run in
one of three modes: Report and do not block,
a learning mode, is a good place to start.
Report and block applies the system measures
and Report and block with bypass allows
human intervention.
These modes cannot be customised, but they
can be augmented with rules applied and
removed as required. This form of tuning
could for example block all traffic from
specified domains or even countries. Bot
detection is covered to prevent brute force
attacks by setting the HTTP request rate to a
human level. In fact, IP Address Reputations
allow granular defence of the risks associated
with domains, including scanners, DoS,
phishing and Windows attacks.
R&S Cloud Protector holds data within the EU
in Paris and Frankfurt. Rohde & Schwarz
Cybersecurity have put a lot of thought into
taking this WAF beyond the stereotype.
Seemingly counterintuitively, it actually
accelerates application performance by
caching frequently used web pages on the
WAF to relieve WEB servers. Non EU visitors
also benefit through the Content Delivery
Network without compromising data
sovereignty or performance.
R&S Cloud Protector offers a wide range of
automated reporting options and business
units can monitor KPIs and receive automatic
alerts. Configuration and management tasks
can be distributed across a team.
With such an extensive threat landscape and
constant demand for web application
performance and availability, the additional
services from Rohde & Schwarz Cybersecurity
will be popular in web application-centric
environments. Some may use this just for initial
setup, while others will happily delegate this
critical task to specialists.
R&S Cloud Protector relies on a range of
external resources including OWASP threat
modelling to establish a unique threat profile
that works with all other measures. For
example, Web Scraping is not a recognised
OWASP threat but using configuration it can
be blocked.
Web applications require a specialist firewall
to protect their services and the organisation
from attack and regulation breach. This
European cloud-based service provides a
compelling option that delivers what is
required with a few simple steps. To support
growth and dynamic change, as well as more
complex and larger web estates, the option of
a management service is an advantage. Either
way, R&S Cloud Protector will bring cost of
ownership down and push defence up. The
scalability and pricing of R&S Cloud Protector
means that the best is no longer the exclusive
preserve of the enterprise. NC
Product: R&S Cloud Protector
Supplier: Rohde & Schwarz Cybersecurity
Web site: www.cloudprotector.com
Email: cybersecurity@rohde-schwarz.com
Telephone: +44 (0) 1252 818835
Price: Starting at €199 per month per site
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 21

OPINION
DATA AS CURRENCY
THE AGE OF ZERO TRUST SEEMS TO BE ESTABLISHING A
FOOTHOLD. RICHARD AGNEW, VP EMEA AT CODE42 DISCUSSES
WHAT THIS MEANS FOR DATA LOSS PROTECTION
Data is the currency of business,
making its protection crucial.
Safeguarding information effectively
has been a focus of data security for as
long as PCs and the internet have existed,
but traditional data loss prevention (DLP)
solutions have fallen short, especially
concerning the insider threat.
The data protection challenge is becoming
more complex as organisations mitigate
insider threat using Zero Trust strategies. A
recent study by Forrester illustrates how
traditional DLP solutions are ill equipped to
function in a Zero Trust architecture, which
uses the principle of trust no one and verify
everything. Legacy DLP tools that are
questionably effective in a best-case
scenario are simply unable to deliver in a
more dynamic mobile and cloud
environment where insider threats lurk.
TRADITIONAL DLP STRUGGLES
Most organisations understand that
protecting data is imperative.
Unfortunately, the traditional approach to
securing data, attempting to prevent
breaches through blocks, perimeters and
classification requirements is cumbersome,
and has a variety of flaws that impede
innovation and slow down productivity.
The Forrester study reports that nearly 90
per cent of those surveyed are investing, or
plan to invest in DLP as part of their Zero
Trust initiative. Unfortunately, two-thirds
also said that their legacy DLP solutions
frequently block employees from accessing
the data that they should legitimately have
access to.
ADDRESS THE INSIDER THREAT
Employees, at all levels, often take sensitive
information and intellectual property with
them when they leave the company. One
study found that 60 per cent of employees
leaving a company, whether it's their choice
or not, admit to taking company data with
them, and 70 per cent of IP theft happens
in the month before an employee tenders
their resignation.
Our own recent research found that even
though traditional DLP solutions are
widespread, they are not proving effective
in protecting data from insider threats.
Organisations are beginning to realise that
prevention strategies alone don't work, but
they have not yet evolved their approach to
deal with the challenge of the growing
insider threat. IT managers are expected to
protect valuable data, but they don't have
the necessary visibility beyond employee
endpoints and into cloud applications to
do it effectively.
ZERO TRUST PROTECTION
To better protect data, start by developing
a data theft policy and ensure employees
understand it. Many knowledge workers
mistakenly feel entitled to the data they
create and manage. Companies must
educate employees about their data policy
and stress that sensitive data is intellectual
property and it belongs to the company.
Next, identify indicators of compromise for
insider data theft. Security teams should also
have specific protocols designed to detect
access or transfer of data that has higher
intellectual property value for the company.
Organisations also need to build a data
time machine. By the time you're aware the
employee is an increased threat for data
theft, the data is already gone. Companies
need to have tools in place that enable
security teams to evaluate their activity
going back for months to identify potential
data theft. If suspicious file movement is
detected, it should be referred to HR and
legal to formulate a response.
Finally, the data loss protection solution
must have the agility and scalability to
function in a complex, hybrid-cloud
environment without hindering innovation
or productivity or preventing legitimate
access to information. The Zero Trust
philosophy makes sense, but your DLP
needs to be able to protect data effectively
in a trust no one, verify everything
architecture.
Nothing eliminates risk entirely. However,
putting into place some proven best
practices can greatly reduce the danger of
the trusted insider and help organisations
to effectively manage their data loss
protection in an age of Zero Trust. NC
22 NETWORKcomputing NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION
BREAKING THE IT VENDOR MONOPOLY
IS THE STAID TECH SECTOR FRAGMENTING? RONAK SHAH, AN ELECTRONICS AND
COMMUNICATION ENGINEERING GRADUATE AT FACT.MR, OUTLINES THE DAWN OF AN ALTERED,
EMERGING MULTI-VENDOR IT REALITY
Technology engenders digitalisation,
paving the way for globalisation. In turn
sectors including finance, healthcare,
energy, automotive, manufacturing and food,
jump onto the bandwagon and leverage this
technology, with the quest of performing
better with the consumer using customised
offerings, and squeezing overhead costs with
efficient processes.
All this while, Dell EMC, Cisco Systems, Aruba
Networks, Juniper Systems and other tech
leaders of the same epoch enjoy monopolistic
status in distributing software and network
equipment. However, as soon as the pitch of
voices against the reckless use of consumer
data turns shrill, compliance issues encircling
data privacy protocols gain momentum - and
the restructuring of the IT industry, rather a
disparate one, begins to emerge.
Besides the impact of GDPR, the
channelisation of technology from a taskoriented
use to the exploration of its probable
use in different applications, portends the
arrival of new competitors, all waiting to
capitalise on the industry's high ROI potential.
Research suggests that the enterprise network
equipment market will be worth roughly US$
18 billion globally by 2027.
Though currently concentrated, the attraction
of this business potential with a strong focus on
telecom services, emerging tech, IT and
business services, devices and infrastructure
and software, provides many opportunities for
new entrants to this emerging market, with a
personalised rather than standardised
approach gradually making the landscape
fragmented. The influence of profitability and
data compliance in the IT industry implies that a
shift from a single vendor monopoly to a multivendor
landscape is underway.
A STAKE IN THE OUTCOME
The very basis of a consolidated landscape is to
have a free flow of technology and data across
the globe for organisations, in order to leverage
reciprocal advantage. However, as governments
of numerous regions, especially Europe, are
strengthening their dominance over data
generated within their own regions, IT
stakeholders are hard-pressed to rethink their
business strategies and processes.
The additional cost of sourcing human
resources to match up to a competitor's
development capacity, coupled with the need to
multiply IT infrastructures with region specific
data centres, will become cost-intensive. Security
measures for the protection of localised data
that is split and stored at different locations will
add to the complexity of the infrastructure.
The impact of multiple vendor IT landscape will
also be felt by its customers. Since the
penetration of the data will be narrow, analytics
regarding consumers' sentiments and tracking
systems will be inhibited. However,
fragmentation will bring in local advantage for
stakeholders, which means that they need to
focus on the research and development
activities to foster innovation, while staying
abreast with the protocols that govern the IT
industry in targeted geographies.
DON'T FRAGMENT, ADAPT
Success in the local market is vital to future
growth and that holds true for the booming IT
industry. Fragmentation means that companies
need to urgently address the local needs and
thrive on the back of customised services.
Though standard development of software and
network equipment is far more economical than
a personalised variant given the intensity of
competitors and their scale ranging from small
to large, it is imperative that IT companies
strengthen their foothold in the local markets
and gradually leverage the prowess of mergers,
acquisition and partnerships to strategically
consolidate their market position.
In the near future, where the penetration of
cutting-edge technology will be ubiquitous and
data will become a real business asset,
stringency in data protection laws will become
more common. However, the opportunity to
differentiate product offerings in different markets
combined with a lack of dominant players will
present a chance for small, mid, and large-scale
organisations to shape the industry's evolution
based on their capacities to innovate. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 23

FEATUREDIGITAL TRANSFORMATION
DIGITAL NETWORKING
DIGITAL TRANSFORMATION REQUIRES A NEW
NETWORKING APPROACH. PETE LUMBIS,
TECHNICAL EVANGELIST AT CUMULUS
NETWORKS TALKS ABOUT APPLYING WEB-
SCALE NETWORKING PRINCIPLES TO DIGITAL
TRANSFORMATION
Digital transformation means different
things to different organisations,
including shifting workloads to the
cloud, greater use of data analytics,
improving employee mobility and automating
process. But one thing's for sure, no matter
what your digital transformation strategy
looks like, your network is going to be either
a help or a hindrance to your digital
transformation project.
Understanding the challenges of digital
transformation are essential. These include,
for example, how to implement web-scale
networking principles like disaggregation
and the economy of choice and automation
to make digital transformation possible and
profitable.
NETWORK SCALABILITY
As well as being customised to fit an
organisation's needs, the network must also
be flexible enough to adapt when those
needs change. This is why network scalability
is critical to any digital transformation
project. There are different levels of
scalability and different ways to achieve it.
Whether to scale vertically or horizontally is a
network decision that can ultimately affect
every organisational detail.
The 'bigger is better' mentality in response
to flexibility and performance concerns is
traditional, but in IT terms this means scaling
up or scaling vertically to meet performance
requirements. Whilst a perfectly sensible
solution, it does mean that organisations are
limited to the biggest switch available.
Additionally, when the switch is no longer
big enough it must be replaced, resulting in
downtime.
Alternatively, organisations can combine
multiple smaller switches to achieve the
performance offered by one larger switch. This
is called scaling out, or scaling horizontally.
The advantage is that it's not limited by the
power of a single switch, and as the
organisation's needs grow you can add further
smaller switches to work together and share
the load. As a bonus, scaling out limits the
size of failure domains, so if one small switch
out of dozens fails, the impact is small. If an
organisation has redundant connections, the
impact may be minimal with just a temporary
performance drop.
FREEDOM TO BOOST
Predictably, Gartner says that "the top
networking challenge is improving agility." But
surprisingly their advice is to "shift investments
away from premium networking products
toward existing network personnel." In other
words, the answer to improving a network's
speed and agility is not buying large,
expensive, proprietary switches and premium
automation solutions, but letting the people
who truly know the network decide the best
way to achieve agility.
By using a disaggregated model
organisations can choose the switches that
best suit their requirements, even for specific
services. This makes their infrastructure
completely customisable and agile. By
choosing an open network operating system,
organisations can then select and fully
integrate the applications required to improve
optimisation. The result is a network that is
more affordable to build, more agile to adjust
and easier to expand as business demands
change and grow. It also leaves organisations
with budget to invest in premium engineers to
build innovative infrastructure designs and
truly innovate the network.
CUSTOMISED AUTOMATION
Automation is the final piece of the scalability
puzzle. As the network grows and becomes
more complex, manual configurations
become increasingly time-consuming, difficult,
and risky.
The tight coupling of hardware and software
limits automation choices and a proprietary
network operating system means either using
proprietary automation software or hacking an
organisation's own automation solution.
Again, the one-size-fits-all mentality gets in the
way of achieving digital transformation
objectives. Instead, the networking team needs
the freedom to craft customised automation
solutions for organisational objectives.
Digital transformation is changing the way
organisations think about network scalability
and agility. As the demand for power and
speed increases with digital adoption and
innovation, these changes will become
immediately critical. To stay ahead of the
game, organisations must rethink these
changes and utilise disaggregation,
horizontal scale and automation for their
own advantage. NC
24 NETWORKcomputing NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION
MAKING THE GRADE?
ORGANISATIONS ARE SO
DEPENDENT ON APPLICATION
PROGRAM INTERFACES FOR
THEIR DIGITALLY TRANSFORMED
OPERATIONS THAT IT'S TIME TO
TAKE STOCK. JAMES HIRST, COO
& COFOUNDER AT TYK OFFERS
SOME INSIGHT
The best application program interfaces
(APIs) allow developers to make a real
difference in an organisation. Successful
API adoption requires that organisations take
responsibility for their APIs, looking beyond
the purely technical aspects and thinking
critically about how they should be deployed
within their own organisation.
In contrast, for developers, there are many
vital aspects of API development to consider,
and each one is as critical to the health and
future of the product as the last. If developers
can build an API with these essentials in mind
then the chances of a successful product with
longevity will be increased.
RESPONSIBLE API ADOPTION
The best way for developers to consider their
APIs within the context of an organisation's
strategy is by looking beyond the technical
details and considering the real-life
applications in which the API will play its role.
Applying the essentials of business strategy
and planning to APIs offers developers a
level of foresight during the build process.
Developers who can see the bigger
problem through the process, such as how
it applies operationally, are more likely to
produce an impactful API that can deliver
high-quality results.
SOLVE THE RIGHT PROBLEM
A critical mistake that development teams
make is by focusing on the wrong problem,
and this ultimately leads to an API product
that fails to meet its customer's
expectations. If teams don't validate their
assumptions as they go along, they'll end
up building an entirely inappropriate
product for the wrong audience.
To avoid this costly error, a clear
development plan needs to be implemented
from the very beginning. Mapping out the API
and how it fits into the common usage
scenarios is an effective way of achieving this.
SELECT THE RIGHT TECHNOLOGIES
The best application development framework
for building APIs needs to be considered. It's
important to bring business leaders into this
discussion as they can help to identify the
right use cases for the APIs based on their
solid understanding of operational
requirements. IT leaders are also able to
offer support with their recommendations
based on technology feasibility, such as
back-end readiness.
At this point, developers and engineers
should look to set up API gateway boundaries,
providing tool kits and API catalogues so that
organisations adhere to best practices. The
gateway's role is to house all of the APIs,
capture analytics on the product's interactions,
and perform data caching.
DELIVER CLEAR BUSINESS VALUE
A lot of leading organisations are starting to
define their APIs in a way that creates a
common language that is understood by both
C-suite executives and technical departments.
To achieve this, distinguishing between APIs
that provide a direct impact to the
organisation (a product where business input
is vital) compared to those that are
specifically an enablement of a product will
be essential.
By following this strategy, non-IT employees
are able to communicate to developers what
kind of API they require to deliver a customer
experience, and what kind of API is needed
to deliver the infrastructure required for
those experiences.
UNLOCKING THE FUTURE
Like the majority of digital products, APIs
evolve throughout their product lifecycle,
maturing to meet shifting customer
expectations over time. Once the initial API
has been deployed, organisations are
opened up to a new world of possibility that
couldn't be accessed before. The most
effective way of capitalising on this
opportunity is by keeping the future in mind
throughout the development process.
Developers must define their API product
roadmap and continuously deliver while
seeking input from their stakeholders.
Ongoing feedback from all the parties
involved, from the initial release and
beyond, is critical for gaining traction and
maturity, not to mention the trust and respect
of customers. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 25

PRODUCTREVIEW
Altaro Office 365
Backup
PRODUCT REVIEW
PRODUCT
REVIEWPRODUCT RE
The lack of integral backup and point-intime
restoration facilities for Microsoft
Office 365 has left many businesses
facing a bewildering range of third-party
solutions. They all claim to offer the best
features, but Altaro's Office 365 Backup stands
out as remarkably easy to use and affordable
for all sizes of businesses.
Along with Office 365 mailbox backup, it
can protect OneDrive for Business files and
SharePoint Document Libraries. If you don't use
them all that's not a problem, as Altaro's
flexible licensing schemes allow you to choose
the components you require and the number
of users you want to protect, with substantial
discounts offered on multi-year subscriptions.
No need to worry about backup storage either
as Altaro does it all for you in the cloud.
Backups are maintained in its Microsoft Azure
data centres based in the Netherlands and all
transfers are secured with AES-256 encryption.
The product is accessed from the same cloud
management console as Altaro's excellent VM
Backup solution and is extremely easy to
deploy. After defining your Office 365
organisation the console switches over to your
Microsoft account, where you sign in and
accept the access permission request.
The next step is to decide whether to secure
all mailboxes or selected ones - and that's all
there is to it as Altaro then starts backing up
your organisation. If your Office 365 account
includes OneDrive for Business files and
SharePoint sites, these are automatically added
to the console and backed up as well. You can
sit back and take it easy now as you don't even
need to set up schedules. This is all completely
automated as after the first full backup, Altaro
runs incremental mailbox, OneDrive and
SharePoint backups up to a maximum of four
times per day.
The smart cloud console opens with a
dashboard showing current activity, backup
health status and a history of the latest restore
operations. For more information, move onto
the Backup section where you can see the
current status of all individual mailbox,
OneDrive and SharePoint backups.
Altaro offers multiple data restoration choices
as you can select a user backup and from its
dropdown menu, opt to restore all emails,
calendar items and contacts back to the
original mailbox, to another mailbox or a
different Office 365 organisation. Other
options include restoring mailboxes back to
password-protected PST or ZIP files which are
emailed to the contact of your choice.
As you'd expect, item-level restores are
supported where you choose granular restores,
browse a user, select individual emails or
OneDrive files and decide where to send
them. The same processes apply to SharePoint
as you can browse a site and restore all of its
files or selected ones.
More importantly, Altaro retains every backup
from when your subscription started, so you
can browse all versions and go back to a
specific point in time. If you prefer, you can use
the console's Restore section which runs a
wizard to help choose backed up items, pick a
version and decide where to send it. The
console provides plenty of information about
subscription usage and can send email alerts
to selected recipients for successful and failed
backup and restore operations. It also
maintains a full audit trail for all user
accesses and activities which can be exported
as a CSV file.
Altaro offers everything a business needs to
secure its Microsoft Office 365 organisations
and can be swiftly deployed in the cloud
without disrupting normal operations. All
backup processes are fully automated, it
provides an excellent range of both full and
granular restore facilities and delivers peace of
mind at a very affordable price. NC
Product: Altaro Office 365 Backup
Supplier: Altaro Software
Web site: www.altaro.com
Tel: +44 (0) 203 397 6280
Sales: sales@altaro.com
Price: Starts from £324 per year for 10 users
(excluding VAT)
26 NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK
NETWORKcomputing

OPINION
NARROWING THE CYBER GAP
MILLIONS OF PEOPLE WORK IN CYBERSECURITY
WORLDWIDE, YET THE DEMAND FOR
PROFESSIONALS EXCEEDS SUPPLY. DESHINI
NEWMAN, MANAGING DIRECTOR EMEA AT
(ISC) 2 SHARES SOME THOUGHTS AND RECENT
RESEARCH ON THE SKILLS SHORTAGE
The surge in digital transformations for
both businesses and the public sector
has raised the stakes for IT security.
With more data and operations now
completely digitised, connected and
potentially at greater risk, the demand for
skilled cybersecurity professionals to deal
with strategic and operational IT security
matters is higher than ever.
TAKING STOCK
Every year the (ISC)² Cybersecurity
Workforce Study takes a deep dive into the
state of the sector to better understand the
concerns of cybersecurity practitioners and
their employers. This year, the study went
one step further and estimated for the first
time the size of the active cybersecurity
workforce alongside the skills deficit. The
global workforce estimate is 2.8 million of
which around 289,000 people are in the
UK. This workforce falls far short of current
demand and is fast becoming one of the
industry's biggest challenges.
This shortage inhibits the capability of all
organisations regardless of their size or
sector. In fact, the shortage of more than
four million people globally is the greatest
concern to those currently working in the
sector. Attacks are not declining, in fact
mobile malware attacks have doubled in the
face of changing device use, while
ransomware variants including WannaCry,
Snatch, NextCry, Dharma and STOP Djvu
continue to pose high-profile threats.
WHAT TO DO
To address the gap we must grow the size
of the cybersecurity workforce. This means
that we need to increase the pool of
interested, talented and skilled individuals
for employers to draw from. There simply
aren't enough people available to satisfy
the demand.
If we are to grow the talent pool and
attract career changers into the
cybersecurity sector, we need to take some
decisive action.
TAKING STEPS
To get a balanced workforce in respect of
talent and ability, we need to consider
gender diversity. While 30 per cent of study
participants were women, with 23 per cent
using security-specific titles, considerably
more must be done to establish
meaningful gender equality. That is best
done by bringing more women into
cybersecurity roles in both front-line and
leadership positions, by encouraging
women through mentoring, scholarships
and training as well as career changing
opportunities.
Getting the cyber capability mix right also
needs cultural and ethnic diversity. While
ensuring that cybersecurity roles are more
appealing to women, there is an argument
for doing more to boost cultural diversity
and broadening the ethnicity of the
workforce. This will not only better reflect
the make-up of society and widen the
available workforce, but will also introduce
new ideas and approaches.
To grow a skilled workforce, people
require ready access to training and
education. We need to do more at an early
age to attract people into STEM subjects
and set them up for a potential career in
cybersecurity. However, on-the-job training,
along with achieving certifications that
confirm a high degree of competency, are
essential for growing and qualifying
tomorrow's workforce.
More middle ground needs to be offered
by employers to make cybersecurity a more
appealing career opportunity. This way
they can attract employees for whom the
regular working day isn't possible or
practical, including parents, carers, those
retraining and those with long or
impractical commutes. This includes
flexible working, along with leveraging new
technology so that cybersecurity
practitioners are not tied to a single
location for their work.
While the global cybersecurity workforce
gap is substantial, we need to be creative
in filling it. Based on our figures, we need
to grow the sector workforce by 145 per
cent. We also need to create opportunities
that will provide an influx of new talent into
the sector that were not accessible
previously, and narrow that skills gap. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 27

SECURITYUPDATE
DISRUPTION AGENDA
WITH OPERATIONAL TECHNOLOGY AND IT
NATURALLY COALESCING, THERE IS A NEW
EMERGING CYBER-PHYSICAL THREAT. CHRIS
SHERRY, REGIONAL VICE PRESIDENT OF EMEA
NORTH AT FORESCOUT EXPLAINS THIS
DISRUPTIVE THREAT VECTOR
Historically, the modus operandi of bad
actors has been to embed malicious
code within corporate networks with
the clear objective of extracting cash.
However, more recently and most significantly
in 2019, this tactic has been considerably
overshadowed.
While of course still popular, there has been
a significant shift. Attackers are now aiming
towards disabling key services and critical
infrastructure such as those seen in
manufacturing, transportation and healthcare,
in order to damage operational efficiency and
wreak havoc through downtime. Through its
ability to compromise the availability, integrity,
and confidentiality of the systems, networks,
and data belonging to the target, this new
threat phenomenon has been coined
disruptionware in a recent report from the
Institute of Critical infrastructure Technology.
DISRUPTION DEFINED
This evolution is the natural development of a
decade of trendsetting attacks from nationstate
advanced persistent threat (APT) actors.
In 2013, the BlackEnergy malware was
leveraged to temporarily disrupt the Ukrainian
electric grid. More recently, in December
2017, it was revealed that the Triton malware
had disrupted the safety systems of an
unidentified power station in the Middle East.
Today, it has become an even more
significant threat to critical infrastructure, as
tools have been developed beyond the
BrickerBot malware and botnets of the past
decade, and are now easily accessible by
script kiddies and cybercriminals around the
world. For example, the LockerGoga attacks
resulted in tens of millions of reported losses
and the June 2019 Silex attacks left
thousands of Internet of Things (IoT) devices
inoperable.
UNSOPHISTICATED RISK
As IT and OT environments converge and
become more automated, manufacturing
environments are becoming increasingly
reliant on industrial IoT sensors and devices,
which may be unsecured due to a lack of
layered security by design, default
administrative credentials, or a plethora of
other vulnerabilities. Further to that,
unregistered devices may creep onto the
network, and any such devices which are not
secured by the information security team may
be used as unsecured access points for
targeted malware including disruptionware.
These targeted cyber-attacks require very
little technical sophistication, making them
low-risk with potentially high-reward. Norsk
Hydro suffered $40 million in losses after
switching to manual operations, while its
systems were restored and the ransomware
infection was removed.
MITIGATING THE RISK
Operators need to understand the degree to
which physical equipment, control systems,
office IT and other assets touch each other,
and ultimately the Internet, using visibility and
control solutions - or risk having security blind
spots. They also need to make sure these
ever-changing network connections are
properly segmented, and watch for changing
patterns in network behaviour that could
indicate that someone off-premise might be
introducing a shared connection to exploit for
the network entry. Other risk factors include
wider use of vulnerable third-party partners
and services in critical sectors and network
drift, which is when unmonitored devices
creep onto the network. Mitigating these
factors will go a long way towards preventing
a Zero-Day attack.
Once enough adversaries adopt
disruptionware variants that have proven
successful in the public arena, such as
LockerGoga, the evolution of threats against
manufacturing and other OT heavy
environments will escalate. After all,
disruptionware is about more than just
preventing access to systems and data. It is
about suspending operations, disrupting
continuity and crippling an organisation's
ability to engage in operations, gather
resources and disseminate deliverables. In
other words, productivity is the real target.
For now the sophistication of such attacks
remains low-level, but once more advanced
adversaries evolve the code, critical
infrastructure organisations may not be able
to recover from a deluge of operational
threats. In the interest of national security,
government bodies and private sector
stakeholders should not delay, but rather rush
to address this emerging threat. NC
28 NETWORKcomputing NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION
TAKING LEGACY TO THE CLOUD
MOVING TO THE CLOUD PROVIDES THE CHANCE TO RENEW,
BUT IT'S NOT ALWAYS NECESSARY OR PRACTICAL. NEILL HART,
COGNITIVE COMPUTING ENABLEMENT AT CSI THINKS THAT
NEGATIVE MYTHS AROUND CLOUD ADOPTION MUST BE
CHALLENGED
Cloud adoption is high-up on most
board agendas with many
companies having already begun
this part of their digital transformation.
However, there are still many who aren't
using cloud to their advantage. We
estimate that 80 per cent of UK business
workloads operate using private onpremise
systems, often using legacy
technology, meaning that they can't take
full advantage of what the cloud offers.
Research by Sapio found that 85 per cent
of UK businesses identify a lack of ability
to migrate legacy apps to cloud as
negatively impacting their business.
Remaining on underlying legacy
infrastructure is resulting in backups and
patches taking too long for over a third of
the companies surveyed, and a further
third say they are not making efficient
decisions with their IT.
CLOUD DRIVEN VALUE
Running applications in the cloud allows
an organisation to create value faster and
take advantage of newer and more
powerful technology to deliver consistent
and compliant workloads. It also helps
them maintain a strong business focus.
In the financial sector, a third of IT
managers say the lack of high-speed
access to ecosystem partners prevents
them from moving their customer
experience forward. Also that they don't
have the infrastructure to support AIdriven
applications.
DIGITAL PRODUCTIVITY
The digital age promises significant
productivity gains for the way that
businesses operate, and cloud adoption is
a vital step in the digital transformation
journey. When innovations are restricted
due to workloads remaining on closed
systems, organisations will fall behind their
competitors. But there is a fundamental
misconception that legacy apps can't be
migrated to the cloud: this isn't true.
Of course, the journey to the cloud for
critical workloads and data has multiple
dependencies. They include a compelling
business case, strategic objectives, thorough
planning, and detailed preparation of existing
infrastructure and workloads. There are
solutions to every challenge.
MIGRATE TO THE CLOUD
Instead of assuming a legacy application is
too complex to move to the cloud,
companies must undertake a thorough
discovery of their environment in the context
of the latest private and public cloud
offerings. With the correct groundwork many
applications can be migrated to an
equivalent cloud infrastructure without any
programme changes, and often with
significant performance improvement.
Automated migration tools manage bulk
cloud migrations safely and quickly.
Where a readiness assessment shows that a
legacy application cannot run on the up-todate
infrastructure, application
modernisation can transform the code and
database to current standards. The
refactored application can then be moved to
a new platform and benefit from cloud
economics. In the few cases where cloud
migration is not viable, investment in existing
applications can still be extended by
converting green screen displays with a
modern user interface and mobile access.
PAST SECURITY
Our research also found that some
resistance remains about moving apps to the
cloud due to security concerns. It found that
36 per cent of financial services providers
believe that security issues associated with the
cloud are a barrier to change, whilst 31 per
cent cited unclear security governance
guidance from the FCA.
The volume of regulations and legislation
is a common theme in the financial services
sector, meaning many companies wrongly
shy away from the cloud. Whilst handing
responsibility over to a third party (rather
than keeping it on-premise) involves great
trust, cloud systems are proven to offer a far
more stringent way of managing security
and compliance.
There is no doubt that this shift from onpremise
hardware to the cloud can enable
business operations to transform. The hybrid
cloud environment is configurable, scalable
and protected with enterprise-grade cyber
security services. The result is a consumptionbased
commercial model which avoids overinvestment
or under-provisioning and allows
for business growth through innovation. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 29

Nominations are now open for the 2020 Awards and we want you, the readers of
Network Computing, to tell us who and what has impressed you.
Here are the categories we will be asking you to make nominations in:
NETWORK INFRASTRUCTURE PRODUCT OF THE YEAR
DATA CENTRE PRODUCT OF THE YEAR
IT OPTIMISATION PRODUCT OF THE YEAR
TESTING / MONITORING PRODUCT OF THE YEAR
CLOUD TELEPHONY PRODUCT OF THE YEAR
STORAGE PRODUCT OF THE YEAR
NETWORK MANAGEMENT PRODUCT OF THE YEAR
DATA PROTECTION PRODUCT OF THE YEAR
SD-WAN VENDOR OF THE YEAR
CLOUD-DELIVERED SECURITY SOLUTION OF THE YEAR
THE RETURN ON INVESTMENT AWARD
NEW HARDWARE PRODUCT OF THE YEAR
NEW SOFTWARE PRODUCT OF THE YEAR
NEW CLOUD SOLUTION OF THE YEAR
NETWORKS ON THE EDGE AWARD
SALES ENABLEMENT SOLUTION OF THE YEAR
EDUCATION AND TRAINING PROVIDER OF THE YEAR
DISTRIBUTOR OF THE YEAR
RESELLER OF THE YEAR
HARDWARE PRODUCT OF THE YEAR
SOFTWARE PRODUCT OF THE YEAR
CLOUD BASED SOLUTION OF THE YEAR
THE CUSTOMER SERVICE AWARD
THE ONE TO WATCH COMPANY
THE INSPIRATION AWARD
PRODUCT OF THE YEAR
COMPANY OF THE YEAR

As has always been the case, results in most of the categories will be determined by
nominating and voting. However, the Network Computing Awards also give you
opportunities to be recognised by a Judge.
The Bench Tested Product of the Year is open to all solutions that have been independently
reviewed for Network Computing in the year leading up the Awards. There is still time - although
you will need to act quickly - for your solution(s) to join the list of contenders. Book your review
by contacting Dave Bonner or Julie Cornish on +44 (0) 1689 616000
The Network Project of the Year categories recognise impressive work that a company or an
alliance of companies has carried out for a customer. For each project you want to enter please
send a case study to dave.bonner@btc.co.uk
The Editor's Innovation Award gives you a chance to impress our Judge (Network
Computing's Editor, Ray Smyth) through being truly innovative in design, purpose, application or
results. Ray gets to see a lot of innovation n the solutions that are independently reviewed for
Network Computing. Additionally, innovation from suppliers may come to light when Ray meets
them. Either way, if you feel that what you do is worthy of consideration for this Award, please
contact ray.smyth@btc.co.uk
FINALLY
There are opportunities to get involved as a sponsor. Contact Dave Bonner or
Julie Cornish on +44 (0) 1689 616000
To make your nominations, please go to:
WWW.NETWORKCOMPUTINGAWARDS.CO.UK

OPINION
THE EDGE OF TOMORROW
EDGE COMPUTING SEEMS TO BE ON
EVERYONE'S LIPS JUST NOW. ABHIJIT SUNIL,
AN ANALYST AT FORRESTER CONSIDERS
WHAT MIGHT HAPPEN NEXT AT THE EDGE OF
THE NETWORK
In the computing world, edge computing is
among the key trends that are now
discussed by almost everyone, including
the networking, computing and storage
manufacturers, the communications services
providers and the internet giants. Frankly, all
of this excitement is justified by what's in store
for this growing platform in 2020.
In fact, 57 per cent of mobility decisionmakers
surveyed by Forrester Research said
that they have edge computing in their
roadmap for the next 12 months. That is
significant, considering how recently edge
computing arrived in the sphere of
technology evolution.
EDGING CLOSER
In a basic sense, edge computing takes
computing closer to the customer and
where the data is generated. This
disaggregates computing to the edges of
the ecosystem and closer to intelligent
devices and sensors that can collect data,
analyse it, and even make actionable
decisions. The edge is the next step to
round out a more complete landscape of
technology, along with cloud computing
and more traditional infrastructure, and they
must work in harmony.
The real power of edge computing lies in the
sheer variety of use cases it enables.
According to our 2019 Forrester Research
survey of mobility decision makers, the biggest
benefits organisations seek from edge
computing include flexibility to handle artificial
intelligence demands and use cases that
benefit from faster network response times.
DIRECTION AT THE EDGE
With so much interest and such great promise,
understanding what is on offer in edge
computing is essential. Here are five key
aspects to consider.
New infrastructure form factors are being
tailored for the edge. Until now, hardware
vendors took existing cloud form factors
and morphed them for the edge. However,
the unique requirements put forth by
operating conditions at the edge, such as
space constraints, temperature, resilience
and connectivity will necessitate hardware
vendors to develop custom form factors.
5G promises high bandwidth
communication possibilities. During
2020, we can expect 5G connectivity
to increase significantly in developed
markets, enabling a host of use cases
in AR/VR, media consumption, massive
IoT and others enabled by low latency
communications. Edge computing will
augment these use cases and will play
a critical role in enabling data
processing and computing as close to
the user as possible.
Traditional telecom carriers who missed
out on the cloud opportunity will seriously
consider the business opportunities
presented by edge, entering the market
through mergers and acquisitions to gain
an early competitive advantage. Cloud
vendors, infrastructure equipment
manufacturers, and data start-ups are all
enablers of edge computing and together
create a rich acquisition environment for
well-funded firms.
Customers prefer multivendor edge
offerings over single vendors. Edge
computing is not a single entity and the
use cases it enables are too complex and
costly to design and maintain for a single
vendor. Edge will consist of an ecosystem
of multiple intelligent devices, integrators,
hardware manufactures and connectivity
providers. This will bring forth several
partnership models between telcos,
OEMs, vertically focused software
manufacturers, and integrators.
Lastly, the nascent edge computing
services market will grow significantly in
the coming months. The megacloud
providers, cloud software platform
communities, colocation players, telecoms
and CDN providers are beginning to
provide IaaS and PaaS services at the
edge. The goal for these initiatives is to
provide such services that run independent
of connectivity back to the public cloud or
data centre. This edge services market will
see explosive growth in 2020, with new
partnerships and business models
emerging aplenty.
Overall, 2020 is going to be an exciting year
for edge computing and we will see new use
cases develop that take the customer
experience to a brand-new level, all through
the power of network edge. NC
32 NETWORKcomputing NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

CASESTUDY
TECHNOLOGY IN THE COMMUNITY
WITH WI-FI TAKEN FOR GRANTED, AN
UNRELIABLE SERVICE CAN HAVE SIGNIFICANT
ADVERSE IMPACT. THE STEPHEN LAWRENCE
CHARITABLE TRUST NEEDED TO PUT ITS
COMMUNITY SPACE TO WORK AND DID SO
WITH A NETWORKING UPGRADE FROM ZYXEL
Inspiring disadvantaged young people to
reach their full potential and make
informed choices about their education and
careers is a challenging task, especially
without a reliable internet service. The Stephen
Lawrence Charitable Trust encountered this
challenge in 2017 when its iconic building in
Deptford, London - The Stephen Lawrence
Centre - was redesigned by world-famous
architects, Gensler.
As part of the renovation a new coworking
hub, Your Space, was conceived and created.
Your Space offers flexible desk space over two
floors. Hot desking is available for short or
long-term rent, while a designated resident
space offers capacity for 12 members
requiring a more permanent business home.
The venue also has two integrated event
spaces for networking events, away days, or
project launches and they are open to both
members and non-members.
For Your Space to work at its best, it needed
reliable, fast Wi-Fi throughout the whole
building to support multiple users and
enterprises, but there were some challenges
to overcome.
CHALLENGES
As a non-profit organisation, the Stephen
Lawrence Charitable Trust doesn't have a
dedicated IT support service, relying instead on
one part-time IT volunteer to help troubleshoot
devices and reset routers. Originally, the centre
was fitted with just one router and a Wi-Fi
extender to boost the signal in the more distant
parts of the building, which often failed.
With such a poor signal network transparency
was limited, and the Trust had no central
bandwidth control. As the trust grew it wanted
to include separate businesses on its Wi-Fi
network, and so was faced with a growing
challenge: the need for faster, wider and more
secure network coverage throughout.
SOLUTIONS WITH BENEFITS
The trust approached IT support provider
Vibrant Networks, initially looking for new
routers or Wi-Fi boosters. After assessing the
centre's needs, Vibrant advised the deployment
of the Zyxel Nebula system, along with access
points and a switch to provision a fast and
secure network. As the centre redevelopment
was a pro bono project, Zyxel donated
equipment to help the Stephen Lawrence
Charitable Trust achieve its growth without
having to use funding that could otherwise be
used to deliver its main objectives.
Everyone at the Stephen Lawrence Charitable
Trust now has quick, stable network across the
entire facility. In the 12 months since the Zyxel
system was installed, Vibrant Networks, which
monitors the new network, hasn't received any
calls for support, or been asked to resolve any
issues. The trust can now work more efficiently
without having to worry about the Wi-Fi or IT
systems. Importantly, it has also been able to
expand the number of users on the network,
now up to 70 a week including tenants, with
no downtime or connection loss.
Chelsea Way, Programmes Manager at the
Stephen Lawrence Charitable Trust commented
that, "Previously, we only had Wi-Fi for staff,
which constantly broke down and only had
coverage in certain areas of the building. So,
we knew that to transform our new centre into
a coworking space, we needed a faster, more
stable network. Since installing the Zyxel
Nebula system our Wi-Fi is stronger and faster
and we have taken on tenants who use our
centre as their office.
Operationally, coworking is now fundamental
to what we do here. Thanks to that extra
revenue, the trust broke even on our building
costs this year for the first time, meaning that
we're able to put more money back into the
work we do with disadvantaged young people,
and we haven't had to pick up the phone for IT
support once."
All funds raised from Your Space are
reinvested into the Stephen Lawrence
Charitable Trust, helping it continue its work
building stronger and safer communities. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2019 NETWORKcomputing 33

SECURITYUPDATE
EVOLVING CYBERSECURITY
CYBERSECURITY IS STILL A YOUNG INDUSTRY
BUT IT'S GROWING FAST. THERESA LANOWITZ,
DIRECTOR OF CYBERSECURITY
COMMUNICATIONS AT AT&T CYBERSECURITY
THINKS WE ARE AT A CRITICAL POINT IN
CYBERSECURITY'S EVOLUTION
In the earlier days of cybersecurity
(2004/2005), vendors targeted
development and testing teams.
Implementing security practices earlier in the
lifecycle would prevent vulnerabilities from
being exposed in production where they
were much more costly to remediate. This
approach put the application at the centre of
the universe.
The problem was that the CISO office was
not involved in the sales process. No
developer or tester wanted the responsibility
for security unless there was an executive
mandate. As developers and testers did not
buy the security tools, vendors turned to the
CISO office, which was disconnected from
the development teams. The CISO office
believed proper development and security
hygiene was handled by developers and
testers during the pre-production phase.
PERIOD OF CONSOLIDATION
For about two years from 2006 we saw a
consolidation of those tools targeted at
developers and testers, and the new megasecurity
companies attempted to sell their
products to them. As this strategy failed,
security tools were placed in a separate
division (a silo) focusing on the CISO office.
But there was no executive consensus or
mandate for security that bridged the
development and policy level.
Fast-forward and there is now a
proliferation of point product companies
that specialise in one threat. Today's
cybersecurity market consists of levels. The
mega-vendors lacked a compelling story
about why security was so important at the
application level. The single product vendor
is not offering a product but a feature.
Because of the proliferation of point product
vendors we are in another wave of
consolidation with the big vendors being
network and infrastructure focused, instead
of software-development focused.
NETWORK CAPACITY
The reason we are progressing as a society,
moving from monolithic enterprise
applications through mobile applications to
a completely connected and low latency
world with IoT, is because of the increase in
network capacity. Location-based mobile
apps such as Uber or high-performing
streaming services would never have been
possible in a 3G world. Likewise, massive
IoT scale will only be possible with the
support of 5G.
While 5G standards (which are dynamic as
all standards are) address known 4G
vulnerabilities and 5G networks are being
architected with more security than any
previous network, businesses must still
prepare for security threats, both existing and
new, and adjust policies and practices
accordingly. An expanded attack surface
provides an opportunity for new threats to
emerge, as well as for the potential
proliferation of unpatched existing ones.
Thankfully, in most IoT conversations today,
security is the primary question. Just two
years ago, security was an afterthought when
it came to IoT.
THE DECOUPLING FLAW
Decoupling cybersecurity from everything
else has been the fatal flaw of previous
security companies. Offering cybersecurity
solutions alone has been tried and failed.
This is why the industry is experiencing
acquisition by larger network and
infrastructure-heavy companies.
Enterprises are no longer operating in
isolated silos. It is simply too expensive and
risky. Enterprises of all types and sizes realise
that their businesses are only as strong as
their networks. The network is now part of
the brand promise to give enterprises
performance and security, otherwise
customers will shop elsewhere.
We are moving to a world where customers
will rely upon the trust index of a company.
The higher a company is on the trust index,
the better the security and performance are,
i.e. zero, or managed and contained
breaches, etc. These high trust companies
will turn to the network and infrastructure
vendors to achieve a greater trust index with
a cybersecurity solution that is holistic,
simple, and borne of experience. Ultimately
the high trust companies will thrive.
We are in the Darwinian moment of
economies, and cybersecurity has become
its cornerstone. NC
34 NETWORKcomputing NOVEMBER/DECEMBER 2019 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

18 & 19 MARCH 2020
EXCEL, LONDON
#CallContact20
EUROPE’S LEADING EVENT FOR CUSTOMER
ENGAGEMENT PROFESSIONALS
EMBRACE THE FUTURE OF THE CONTACT CENTRE
EXPERT
ADVICE
500
EXHIBITORS
250
SPEAKERS
15,000
VISITORS
Register for your FREE TICKETS now
CALL
01872 218007
CALLANDCONTACTCENTREEXPO.CO.UK
RUNNING
ALONGSIDE