NC Sep-Oct 2022

NETWORKcomputing
I N F O R M A T I O N A N D C O M M U N I C A T I O N S – N E T W O R K E D www.networkcomputing.co.uk
THE NETWORK COMPUTING AWARDS STRIKE BACK!
Discover this year’s winners inside
WAN PERFORMANCE
The role of SD-WAN in
digital transformation
BEYOND PERIMETERS
Increasing security via a
Zero Trust architecture
IOT EVOLUTION
How the Internet of
Things is reaching maturity
AUGUST/SEPTEMBER 2022 VOL 31 NO 03

Platinum Sponsor
Lead Strategy
Stream Sponsor
16-17 Nov 2022
RDS, Dublin
Infrastructure • Services • Solutions
DataCentres Ireland combines a dedicated
exhibition and multi-streamed conference
to address every aspect of planning,
designing and operating your Datacentre,
Server/Comms room and Digital storage
solution – Whether internally, outsourced
or in the Cloud.
EVENT HIGHLIGHTS INCLUDE:
Multi Stream Conference • 25 Hours of Conference
Content • International & Local Experts • 60 Speakers
& Panellists • 100 Exhibitors • Networking Reception
Entry to ALL aspects of DataCentres
Ireland is FREE
DataCentres Ireland is the largest and most
complete event in the country. It is where
you will meet the key decision makers as
well as those directly involved in the
day to day operations.
• Market Overview
• Power Sessions
• Connectivity
• Regional Developments
• Open Compute Project
• Heat Networks and the
Data Centre
• Renewable Energy
• Standby Generation
• Updating Legacy Data Centres
Supporting Organisations
Media Partners
Meet your market
For the latest information & to register online visit
www.datacentres-ireland.com

COMMENT
COMMENT
WHEN IT RAINS, IT POURS
At the time of writing significant areas of England and Wales are still experiencing a
hosepipe ban and drought conditions, with no end and precious little rain in sight. But
are we also in danger of edging closer to a different, but equally concerning, form of utility
crisis? In August South Staffs Water was subject to a cyber attack from a ransomware group.
In a statement the water utility said that, while they experienced disruption to their IT network, the
attackers failed to compromise the water supplies in any way. However "The attack demonstrates
that even non-nation state attackers are now getting more brazen in their attempts at high value
targets," according to Stephen Kines, COO of cyber security hardware start-up Goldilock.
"Whilst many APT (advanced persistent threats) groups don’t have the skills to penetrate to the
actual industrial control systems, it shows there is potential to severely disrupt the IT networks that
surround them, freezing up daily operations and impacting customers," he added.
This isn't the only instance of a water utility being subject to a cyber attack that we've looked
at recently - or even the most alarming. In our Jan/Feb issue David Higgins at CyberArk
detailed the failed attempt to poison the water supply of a Florida city. In this instance the
threat actor was only thwarted by the swift actions of a water plant operator who spotted the
attack as it was taking place - but not before the attacker "allegedly boosted the concentration
of sodium hydroxide in the water by a factor of 100." As David wrote at the time, "For a variety
of reasons the public utilities industry is particularly vulnerable to threat actors. For one thing,
much of the infrastructure that controls industrial control systems - the systems supporting key
services - was developed in the 1980s or 1990s. Because of the crucial nature of utility operations,
the creators of these systems had to prioritise system availability and interoperability over
security. As these systems got more integrated with internet-connected IT over time, they
became more appealing targets for hackers."
REVIEWS:
Dave Mitchell
DEPUTY EDITOR: Mark Lyward
(netcomputing@btc.co.uk)
PRODUCTION: Abby Penn
(abby.penn@btc.co.uk)
DESIGN: Ian Collis
(ian.collis@btc.co.uk
SALES:
David Bonner
(david.bonner@btc.co.uk)
Julie Cornish
(julie.cornish@btc.co.uk)
SUBSCRIPTIONS: Christina Willis
(christina.willis@btc.co.uk)
PUBLISHER: John Jageurs
(john.jageurs@btc.co.uk)
Published by Barrow & Thompkins
Connexion Ltd (BTC)
35 Station Square,
Petts Wood, Kent, BR5 1LZ
Tel: +44 (0)1689 616 000
Fax: +44 (0)1689 82 66 22
SUBSCRIPTIONS:
UK £35/year, £60/two years,
£80/three years;
Europe:
£48/year, £85/two years £127/three years;
ROW:
£62/year, £115/two years, £168/three years;
Subscribers get SPECIAL OFFERS — see subscriptions
advertisement; Single copies of
Network Computing can be bought for £8;
(including postage & packing).
© 2022 Barrow & Thompkins
Connexion Ltd.
All rights reserved.
No part of the magazine may be
reproduced without prior consent, in
writing, from the publisher.
The fact that the South Staffs Water ransomware attack took place during a national drought
is also alarming, and could indicate that threat actors are now deliberately targeting authorities
during critical periods. And our current water shortage could also have significant implications
for UK data centers, according to David Bicknell at GlobalData: "With the UK experiencing its
driest summer for 50 years - and water companies failing to reduce leaks - operators hoping
to use 25 liters of drinking water an hour to cool data centers as a cheaper alternative to energy-guzzling
refrigeration systems are finding their options running dry."
On a more positive note Phil Beecher, CEO and President of Wi-SUN Alliance, writes in his
article in this issue that the utilities sector is set to benefit from new IoT initiatives that include
water loss/leak detection. This is according to the findings of Wi-SUN’s latest IoT research study.
With three in four organisations planning to implement these initiatives "the opportunities for savings
and increased efficiency in some of these use cases are high." We'll drink to that... NC
GET FUTURE COPIES FREE
BY REGISTERING ONLINE AT
WWW.NETWORKCOMPUTING.CO.UK/REGISTER
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards AUGUST/SEPTEMBER 2022 NETWORKcomputing 03

CONTENTS
CONTENTS
COMMENT.....................................3
When it rains, it pours
INDUSTRY NEWS.............................6
The latest networking news
ARTICLES
A QUESTION OF TRUST...................8
By Mark Cooke at Xalient
WAN PERFORMANCE...........20
David Trossell at Bridgeworks offers a guide
to achieving higher WAN performance, and
Simon Hill at Certes Neworks explains why
CISOs should now be looking at SD-WANs
- or risk being left behind
IOT REACHES MATURITY.......26
After many years of hype, the Internet of
Things is finally maturing to a point where
organisations are turning strategies into
reality and planning into action, according
to Wi-SUN Alliance’s Phil Beecher
A U G U S T / S E P T E M B E R 2 0 2 2
BEYOND PERIMETERS............16
As cybercriminals continue to develop new
attack techniques the traditional notion of a
strong external perimeter being the best
defence against compromise has shown
itself to be inadequate
THE SASE APPROACH TO
NETWORK SPRAWL...............22
Sprawling networks and long lead times - is
there another approach we can take? Justin
Day, CEO and Co-Founder of Cloud
Gateway, shows us the way
NETWORK COMPUTING
AWARDS 2022....................28
Held in London in July, the 16th annual
Network Computing Awards celebrated
industry success stories from the past twelve
months. Discover who won what inside!
WHY EMPLOYEE WORKSTATION
SECURITY CAN’T BE FORGOTTEN....12
By David Higgins at CyberArk
OVERSIGHT ABOVE I.T.
TRANSFORMATION........................14
By Mat Clothier at Cloudhouse
DOWNTIME DOLDRUMS AND SMART
SOLUTIONS...................................15
By Alan Stewart-Brown at Opengear
STAY AWARE OF RANSMOMWARE..18
By Florian Malecki at Arcserve
WHY CISOs MUST NOW
EMBRACE SD-WAN........................20
By Simon Hill at Certes Networks
WAN ACCELERATION OR EDGE
COMPUTING?...............................24
By David Trossell at Bridgeworks
PRODUCT REVIEW
NETALLY ETHERSCOPE EXG-300......10
PROGRESS FLOWMON
COLLECTOR 12.1..........................14
04 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

INDUSTRY NEWS
NEWSNEWS
NEWS NEWS
NEWS NEWS NEWS NEWS
NEWS NEWS
Keeping data centres cool during heat waves
Vertiv has issued new guidance to data centre operators and
associated businesses to help them navigate the increasing
challenge of heat waves, which have caused outages and
disruptions at data centres in the UK. The heat waves have also
led to Thames Water launching a review of the increasing
demand data centres are putting on water supplies, particularly
in the Slough area, which is set to become the second biggest
data centre hub in the world.
To keep systems cool and help ensure data centre availability,
Vertiv experts recommend that, depending on the data hall
load, operators should run as many units as possible to reduce
the load on each cooling unit. Typically, an organisation would
run all redundant units, but if the IT load is not 100%, one
should run enough units to get the per-cooling unit as close as
possible. This keeps the refrigerant pressures lower so there is
not a risk of trips on high pressure with the high ambient
temperature. It also provides a more efficient operating point.
They should also schedule a regular maintenance plan. Vertiv
recommends its customers schedule preventive maintenance
quarterly. For compressor-based (DX) units, they recommend
quarterly or more frequent cleaning of the condenser coil, as
the lack of proper and regular cleaning can cause more of a
reduction in the overall thermal unit capacity than the ambient
temperature itself. Additionally, properly maintaining the
refrigerant charge level helps to enable the design capacity and
operating efficiency to function smoothly. A refrigerant charge
that is too low or too high, can cause operational inefficiencies
"If one thing is clear, it is that we need to be prepared for these
extreme weather conditions to become more commonplace, so
adapting to this inevitability is crucial” said Karsten Winther,
president for Vertiv in EMEA. Our service teams have proved
invaluable in providing the guidance and support required to
not only manage the immediate impact, but to discuss with
customers how they can plan ahead to build in resiliency."
Expereo acquires Breeze Networks
Breeze Networks is a managed service provider of cloudbased
(SD-WAN) network connectivity and security solutions
for enterprises and government agencies. An innovative and
flexible network integrator, Breeze sources and manages the best
SD-WAN networking and security solutions on the market. As
part of the acquisition, Expereo welcomes Matthew Lea, CTO of
Breeze Networks as Technical Portfolio Lead. His expertise will be
a great addition to the knowledge base of Expereo's Technical
team, led by CTO, Kristaps Petrovskis. Lea will drive Expereo's
expansion plans for its SD-WAN/SASE practice, solidifying the
company's presence in the UK market in his new role at Expereo.
"This acquisition comes at an exciting time, as we expand our
SD-WAN services to address the growing need for agile, costeffective
cloud access and global network solutions in the
market. With our shared vision to simplify global connectivity
and provide world-class customer experience, the expertise of
the team of professionals behind Breeze Networks will contribute
great value as we join forces," said Expereo CEO Irwin Fouwels.
Giganet selects Neos Networks for network expansion
Neos Networks has been chosen by Giganet, an
established ISP, to provide backhaul and data centre
connectivity to support its new southern counties network and
its ambitious plans to rollout gigabit Fibre-to-the-Premise
(FTTP) services. Through strategic network partnerships,
Giganet is already able to offer full fibre broadband services to
millions of homes and businesses all over the UK. The next
step for Giganet is an expansion which will see it cover more
homes and businesses, beginning in the south of England
using its own network. In the next four years, Giganet plans to
build to 300,000 homes across Hampshire, Wiltshire, Dorset
and West Sussex with its own fibre network rollout.
Endpoint Detection and Response Beta from VIPRE
VIPRE Security Group is preparing to add a new
cybersecurity tool to its comprehensive suite of offerings.
The new solution, VIPRE Endpoint Detection and Response
(EDR), is designed to help SMBs and IT partners navigate the
complexities of EDR management from a single, easy-to-use
console. While VIPRE EDR will be available publicly towards
the end of 2022, the company is ready to launch its Beta
program and seeks global users to test the product and
provide feedback. The VIPRE EDR Beta sign-up will be
available here: https://bit.ly/3QFHU4
06 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

INDUSTRY NEWS
Hibs get dibs on new Acronis and Dunedin IT partnership
Hibernian FC has announced an innovative multi-year
partnership with Acronis and Dunedin IT, one of Scotland's
most trusted and experienced technology and connectivity
providers providing end-to-end services. Acronis will provide
hybrid cloud solutions for backup, disaster recovery, secure file
sync, and data access, to become Hibernian FC's Principal
Cyber Protection Partner. This partnership will be supported by
the expertise of Dunedin IT, which will deliver Acronis cyber
protection solutions to improve data storage and access,
creating a more efficient and collaborative workflow. In what is
a significant agreement for the team, Acronis and Dunedin IT
will have Principal Partner status at the club. Dunedin IT will
have its logo printed on the lower back of the men's first team
home, away, and third kits for the 2022/2023 season.
Increasing IT complexity impacts ROI, finds SolarWinds
With hybrid and remote work amplifying the challenge of
managing distributed IT environments, 84% of IT
professionals believe the ROI of their projects has been
negatively impacted in the last 12 months, according to new
research from SolarWinds. The report, which examines the
acceleration of digital transformation efforts and its impact on IT
departments, also shows a third (33%) of IT professionals think
complexity added between four and seven months of extra work
to get their project to completion.
Commenting on the news, SolarWinds President and CEO
Sudhakar Ramakrishna said, "Many organisations are struggling
to drive forward transformation amidst increasingly distributed
and complex IT environments. "Amplified by a global move
towards hybrid and remote work, applications and workloads are
now run across both cloud and on-premises infrastructure. This is
not only hindering the ability to deliver benefits to end users in a
timely fashion but also significantly impacting the bottom line.
"In this challenging landscape, IT professionals are increasingly
looking towards observability to manage these growing levels of
complexity. By understanding where to prioritise their efforts,
teams can manage hybrid IT realities more effectively and
achieve the ROI targeted in their planned projects, which spells
long-term success for teams, businesses, and their customers."
Fusion IT appoints new CTO and earns ISO accreditation
Yorkshire-based IT support and solutions provider Fusion IT
Management has announced the appointment of James
Robinson as its new chief technical officer (CTO). James
previously held the role of IT operations manager and, during his
time with the business, has successfully built the firm’s cloud
platform, evolving from a handful of servers to a large multiredundant
array of complex systems, helping the business reach
new heights. Commenting on his new role, James said: "I'm
excited for this next chapter in my new role as the CTO of Fusion
IT. I want to express my gratitude to Jamie for trusting and
supporting me to grow in the past three years."
James Robinson
Fusion IT has also welcomed two new recruits to the wider
team. Karolina Mroz joins Fusion in the role of MatterSphere
developer, after having successfully completed an undergraduate
course in Computer Science at Sheffield Hallam University.
MatterSphere is a robust client and matter management system
that provides legal firms with a single, unified way to view and
manage day-to-day activities. Joining her in the MatterSphere
team is Kamil Sora, who will work as a support developer. A
Computer Science with Artificial Intelligence graduate, Kamil will
support the development team with the MatterSphere product to
generate and produce data reports to help ensure that the most
effective solution is implemented to meet the clients' needs.
To top off a fine period of achievement for Fusion, the firm has
also announced its achievement of ISO 9001 and 27001
standards. Fusion IT is one of only a small number of IT
businesses based in West Yorkshire to achieve this status.
NEWS NEWSNEWS
NEWS
NEWS NEWS NEWS NEWS NEWS
NEWS
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards AUGUST/SEPTEMBER 2022 NETWORKcomputing 07

OPINION: ZERO TRUST
A QUESTION OF TRUST
ZERO TRUST IS NOW A BUSINESS IMPERATIVE TO ENABLE THE
SECURE, HYBRID WORKING ENTERPRISE, ACCORDING TO MARK
COOKE, CHIEF OPERATING OFFICER AT XALIENT
Without a doubt, cybersecurity will
continue to be a topic riding high on
the C-Suite agenda throughout
2022. With intensifying trade disputes, an
escalating threat landscape, a highly
distributed workforce, supply chains stretched
to breaking point by the pandemic, and extra
pressure exerted by the ongoing effects of
Brexit and other geo-political issues, having a
secure, productive, agile and cost-effective
security framework in place will be paramount.
It's evident that today's enterprises conduct
business and use digital technologies in ways
that are evolving constantly. This digital
transformation is making traditional perimeterbased
cybersecurity IT infrastructure redundant.
The days when every user and every device
operating from within an organisation's
premises or firewall could be automatically
trusted are over for good. The last two years
have accelerated the global shift to the
cloud as enterprises look towards digital
transformation and the need, brought into
even sharper focus by the pandemic, for
business agility and higher productivity,
while also adapting to the new 'here for
good' model of hybrid working. And with
this come new challenges for cybersecurity.
The traditional security perimeter is rendered
ineffective in this new world, and most legacy
security systems, which were designed for a
data centre rather than a cloud-centric world,
equally so. This is because the traffic between
an employee and a cloud-based application
can now completely bypass the traditional
security perimeter, together with any incumbent
security controls or policies. The network is no
longer a secured enterprise network. Instead,
the insecure internet has fast become the new
corporate network. It's time for organisations to
take action if they are to keep attackers out
and keep their businesses and people safe.
As working from home has now become
globally widespread, security technologies and
processes based purely on established
geographic location are becoming irrelevant.
Millions of workers across the world shifted
from being office-based to working from
home, where they share broadband
connections with family and friends. With a
remote workforce, the use of potentially
unsecured Wi-Fi networks and devices
increases security risks exponentially. The
change in workers' expectations, with regards
to being able to work from home, means
remote working is unlikely to be a passing
trend. Subsequently these challenges and risks
around connectivity and security are here for
the long term.
A popular, but now outdated, option in
providing secure connectivity to corporate
applications has been to use a Virtual Private
Network (VPN). Whilst this will encrypt traffic
between a device and an application, and
provide a level of authentication, a VPN
provides access to the corporate network as
well as the applications that are served from it.
As a result, this can give inappropriate levels of
access to applications and functions that are
outside an employee's job role or profile. This
significantly increases the risk of a cyber security
incident. For today's sophisticated threat actors,
it is a trivial task to deduce that an organisation
is using a centralised firewall and launch a
DDoS attack via an online service that seriously
impacts productivity. So, if VPNs are no longer
fit for purpose, is there a better way?
ADAPTING TO ZERO TRUST
In short, yes there is. In this new environment,
more and more enterprises are adopting a
Zero Trust approach. Zero Trust is a security
concept centered on the belief that
organisations should not automatically trust
anything inside or outside its perimeter, and
instead must verify anything and everything
trying to connect to its systems before granting
access. Zero Trust employs "never trust" and
"always-verify" principles, offering a secure
platform for users to access applications, from
anywhere, whether housed in data centres or
the cloud. Security becomes all about context -
where a user is, what role they have, what data
they need and when - rather than about
location - inside or outside the organisation's
firewall. And Zero Trust ensures constantly
adaptive levels of trust and verifications as
these parameters change.
As the pressure to protect enterprise systems
and data grows significantly, and attacks
become more sophisticated, CIOs and CISOs
are moving the implementation of Zero Trust
across all aspects of their infrastructure, to the
08 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION: ZERO TRUST
top of the corporate agenda. By removing the
centralised approach to policy enforcement
and moving towards a distributed model
where security is delivered via the cloud,
organisations can begin to move to a model
where users and devices can be connected to
applications and data securely and efficiently -
regardless of geography.
CHALLENGES AND BENEFITS
It is undoubtedly a challenge for most large
enterprises with established IT teams, that have
worked on a 'trust but verify' basis using
corporate firewalls and VPNs, to change
direction and move towards a Zero Trust
framework. But in our view, adopting this
approach does bring considerable benefits.
Without the concept of a fixed network
perimeter, users can be anywhere and on any
device. It's also true today that the devices
employees are using are much less likely to be
ones assigned by their employer. Employerowned
laptops and phones are traditionally
managed, patched, and kept up to date with
security tools and policies. However, in the era
of remote working, employees may forget
basic cyber hygiene skills and start, or indeed
are actively encouraged, to use their own
devices to access corporate resources. If the
enterprise moves to a Zero Trust approach,
CISOs can reduce the attack surface of the
business by only giving employees access to
the applications they need to work with.
A MODULAR ZERO TRUST APPROACH
In our experience, one of the key questions
when adopting a Zero Trust approach is
"where do we start?" When trying to secure key
milestones of the journey between an
employee (or indeed more often a sensor or
other IoT device) and an application, the sheer
amount of technology touchpoints involved
can prove overwhelming. Most enterprises
typically have a subset of existing tooling that
address some key aspects of trust, e.g.
multifactor authentication, identity and access
management, network access control etc.
Extending the approach across multiple
technology towers, however, is challenging.
This is where a modular approach can work
effectively. Separating out key functions or
"journeys" into modules can allow a more
focused approach to the application of a
security policy, from a procurement,
implementation and budgetary perspective.
Although every enterprise will have its own
priorities that dictate the appropriate starting
point and path taken. In our view, there are
four key areas to a Zero Trust journey that
need to be considered. Firstly, Identity and
Access, enabling you to recognise and
authenticate user and device access, ensuring
appropriate levels of access are granted
dependent on role-based policies, rather than
location. If your current landscape of IDAM
systems is complex today, as so many are
following acquisitions, disposals and global
reorganisations, then these can now be
simplified with a single cloud overlay. This
takes away complexity, acting as a central
repository of users and devices, managing
starters and leavers, and much more.
The second consideration is the network itself,
ensuring you can connect users and devices to
apps and data over a high performing, secure
and constantly optimised pathway - using
cloud solutions such as SD-WAN for example.
And of course, being able to monitor the entire
pathway is more crucial than ever, helping
spot, avoid or remediate issues before they
impact your business operations. We use an
advanced proprietary AI-powered tool called
Martina that not only does this, but
automatically fixes issues too; in many cases
even before a user sees a problem. Monitoring
these new complex data pathways is critical to
both performance and security.
The third area we focus on is the Secure
Service Edge - this ensures a secure gateway to
the cloud, helping you get users on and off the
internet quickly, efficiently and securely, using
cloud on-ramp solutions, while ensuring a
high-quality digital experience. Finally, we look
at your Apps and Data, a vital stage ensuring
these are properly segmented to protect
against cross-infection should a virus occur.
As an example, if the network itself is your
most pressing area for action, we see SD-WAN
as a core solution component in the journey to
Zero Trust. It makes management of network
infrastructure easy, allowing IT to avoid
complex network-security architectures, whilst
providing the highest security through a clouddelivered
model. All traffic is securely
connected through a cloud-delivered service,
whatever the connection type - mobile, satellite
or home broadband. And because the
intelligence of the network is software-driven
and orchestrated centrally, it can manage the
user's journey through an insecure internet to
the location of the application, at the same
time compressing other applications to
improve the user experience.
An SD-WAN solution can be procured and
implemented as a standalone initiative - but
the real zero trust value comes when it's
incorporated as part of a total security and
networking solution, often known as SASE,
Secure Access Service Edge.
Addressing all four areas described above
will leave your enterprise secure, resilient,
agile and connected - providing firm
foundations for successful digital
transformation. At Xalient we call this our Zero
Trust Framework - and by using this framework
we ensure that we consider every stage of the
journey through the lens of Zero Trust. It's our
belief too, that to achieve successful and
ongoing digital transformation, enterprises
must address the challenges of security
transformation right at the outset.
THE CIO AND CISO IMPERATIVE
Now is the time for CIOs and CISOs to work
together to design their Zero Trust journey
together - investing in modern technologies,
rather than trying to retro-fit legacy systems, to
ensure their organizations are successful and
secure in today's work-from-anywhere and
cloud-centered world. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards AUGUST/SEPTEMBER 2022 NETWORKcomputing 09

PRODUCT REVIEW
NetAlly EtherScope
EXG-300
PRODUCT REVIEW
PRODUCT
REVIEWPRODUCT RE
NetAlly's EtherScope nXG bowled us
over when we first reviewed it as this
ruggedised handheld device delivers
a stunning range of wired and wireless
diagnostics features. Not content to rest on
its laurels, NetAlly has launched the new
and improved EXG-300 model which
delivers full visibility into Wi-Fi 6 and 6E
networks and supports all three 2.4GHz,
5GHz and 6GHz bands.
A feature that makes the EtherScopes very
appealing to technicians and engineers is
that they run an Android-based OS - anyone
that can use a mobile will find the EXG-300
very easy to use. The large 5in. colour
touchscreen presents a wide selection of
icons for all tasks and the screen's FAB
(floating access button) opens floating action
menus offering instant access to further
analysis tools related to the selected task.
The EXG-300 offers a wealth of wired
cable testing and network diagnostics
features and supports 10GbE copper and
fibre, multi-Gigabit and Gigabit
connections, plus it can uniquely display
data gathered from wired and wireless
networks simultaneously. It can analyse and
report on PoE switch ports and supports the
802.3af/at/bt standards, all classes from 0
to 8 and Cisco's proprietary UPoE.
The device is, indeed, very easy to use and
we started by analysing the lab's Wi-Fi 6
network using the AutoTest profiles. The
default Wi-Fi profile includes a set of
predefined tests covering areas such as
SSIDs, channels, AP details, DNS connectivity
and so on, and once we had connected it to
our Zyxel WAX610D Wi-Fi 6 AP, the EXG-300
automatically created a new test profile for us
which we started with one tap.
The test only takes a few seconds and the
EXG-300 returned a wealth of wireless
information presented as 'cards' in its screen,
each with colour coding to indicate
warnings or errors. Tapping on the SSID
card revealed graphs and tables for signal
quality, channel utilisation, retries and PHY
transmission rates, while the Channel card
confirmed that our AP's 160MHz channels
were operational, showing all others in use
and their frequency range.
All this is just to whet your appetite as tapping
on the main WiFi icon reveals everything
about all discovered internal and external
wireless networks in your vicinity. Along with
channel maps and overlap graphs, it shows all
channels, their active SSIDs and the APs using
them, every detected SSID and their security
status and all clients along with their
associated SSIDs and the encryption standard
being used plus RF and traffic statistics graphs.
There's more, as the integral AirMapper app
is provided for indoor and outdoor Wi-Fi site
surveys and creating signal heatmaps. Copy a
site map to the EXG-300, create a survey, add
your datapoints and the results can be
uploaded with one tap to the NetAlly Link-Live
cloud portal for further analysis and sharing
with colleagues.
We aren't done yet, as along with the Test
Accessory iPerf server unit and a tri-band
directional antenna, the EXG-300 kit option
includes NetAlly's NXT-1000 dual-band
spectrum analyser. We plugged it into the
device's upper USB port, tapped the Spectrum
icon and were presented with frequency
spectrum heat map, historical waterfall and
real-time signal level graphs - great for
spotting rogue devices that may be interfering
with your wireless services.
We didn't think it was possible to cram any
more features into the EtherScope nXG - but
NetAlly has proved us wrong. The compact
and portable EXG-300 teams up an incredible
range of wired and wireless diagnostics and
troubleshooting tools with extreme ease of use,
making it the perfect partner for network
engineers - especially those tasked with
installing and maintaining high performance
Wi-Fi 6/6E wireless networks. NC
Product: EtherScope EXG-300
Supplier: NetAlly
Website: www.netally.com
Telephone UK: +44 (0)141 816 9600
Telephone US: +1-719-755-0770
Price: From £8,575 exc VAT
10 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION: ENDPOINT SECURITY
WHY EMPLOYEE WORKSTATION SECURITY CAN'T BE FORGOTTEN
DAVID HIGGINS, SENIOR DIRECTOR, FIELD TECHNOLOGY OFFICE AT CYBERARK GIVES US SIX
ENDPOINT SECURITY RULES TO ISOLATE ATTACKER ACTIVITY, REDUCE THE IMPACT OF A BREACH
AND ALLOW ORGANISATIONS TO REGAIN CONTROL OF THEIR ENVIRONMENTS
Arecent Accenture study found that 63%
of high-growth companies have
already adopted 'productivity
anywhere'. It's a switch which, two years later,
is still causing issues for businesses -
specifically their security teams. This is mainly
as a result of employee workstations now
being put at the edge. Far beyond the 'walls'
of the traditional corporate network, they're
an easy route in for attackers looking to
compromise identities, launch ransomware
attacks, exploit privileged credentials and
infiltrate sensitive corporate networks.
PROTECTING THE ENDPOINT
Having these workstations - or endpoints - in
such an unsecure situation is leaving
organisations at an unnecessary and increased
risk of an endpoint attack. This is especially
worrying as we know that, during these types of
attack, by the time incident response specialists
are called in the environment has already
become overrun by threat actors.
It is vital to an organisation's overall security
posture that they don't neglect endpoints -
especially workstations. Doing so will inevitably
end in a cyber assault. While this might sound
like a big task, there are actually only six steps
which security teams need to adhere to in order
to protect them. These are fundamental identity
security rules and safeguards:
1. Remove local admin rights: Administrator
accounts are vital. Not only are they used to
install and update workstation software and set
up system preferences, but they are critical to
the smooth running and management of user
accounts. The security issues arise however, as
admin accounts are privileged, making them
more valuable to attackers and more
susceptible targets for those looking to run
ransomware and other malicious software,
disable antivirus, and block disaster recovery
tools. Moving local admin powers away from
normal users and into a secure digital vault with
credential rotation is the quickest and most
straightforward way to secure employee
workstations. Doing so reduces the ability of
attackers to move through networks, while
lessening the impact of employee mistakes.
2. Implement least privilege: Employees
frequently need to carry out an action which
requires administrative privileges. While these
are usually legitimate and necessary tasks, justin-time
privileged access enables teams to
safely carry out work both in accordance with
policy, and appropriately.
3. Policies for application control: The endpoint
must be able to defend against attacks, as well
as allow or deny known applications. To do
this, and lessen the risk of threats such as
ransomware, organisations must be able to
"greylist" apps and implement advanced control
policies, ensuring workers use only secure,
trusted applications.
4. Don't forget cached credentials: Credential
theft is one of the greatest risks to
organisations. These can be saved in memory
by many common business apps, and web
browsers and password managers store
application and website credentials
locally. The fact threat
actors can easily and
frequently get cached
credentials without
requiring admin
capabilities, makes
having an
endpoint security
layer even more
essential to overall security.
5. Leave and set traps: It may sound left-field,
but endpoint protection technologies that
support privilege deception functionality, such
as the capability to generate phoney "honeypot"
privileged accounts, can help identify potential
attackers in real-time.
6. Monitor privileged activities: Attackers are
sneaky and often go unnoticed when testing a
network's defences. By proactively monitoring
privileged workstation activity, organisations
can automatically identify and stop adversaries
before they move laterally, elevate privileges, or
do significant harm.
FINAL THOUGHTS
Endpoint security has been something
organisations have been battling against for
years, and the added challenges they face
thanks to the proliferation of hybrid working are
cause for concern. With inadequately protected
employee workstations posing as the perfect
vulnerability for attackers to exploit, it's
imperative for organisations to act swiftly to
protect endpoints. NC
12 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

PRODUCT REVIEW
Progress Flowmon
Collector 12.1
PRODUCT REVIEW
PRODUCT
REVIEWPRODUCT RE
NetOps and SecOps teams that
demand full visibility into their
networks will find the Flowmon
product family from Progress delivers precisely
what they need. The suite provides a wealth of
network traffic flow monitoring, analysis and
reporting tools and the best part is they are all
managed centrally from a single web console.
Features include traffic, application, server
latency and end-user experience monitoring
along with packet capture and analysis. This
latest version takes monitoring into the cloud
with support for native flow logs from AWS,
Azure and Google Cloud.
Previously, monitoring these cloud platforms
required a probe installed to the relevant
service and traffic mirroring configured -
requirements that will ramp up ongoing costs,
making cloud flow monitoring very expensive.
Flowmon's support for native flows means
probes aren't required and as much smaller
quantities of data are generated, cloud data
transfer charges are reduced significantly.
The Flowmon network operations solution on
review comprises the Flowmon Collector,
Probe, agentless APM (application performance
monitoring) and packet investigator modules.
SecOps teams should consider the full
Flowmon network and security operations
solution as it adds the ADS module which
provides detection services for unknown threats,
malware, ransomware and malicious activity
along with incident response and forensics.
The Flowmon Collector appliances handle
collection, long-term storage and analysis of all
industry standard log flow formats including
NetFlow, IPFIX, sFlow, jFlow and NetStream
and can receive them from a wide range of
network devices including load balancers,
routers, switches, firewalls, packet brokers and
dedicated Flowmon Probes. The Collector
includes an integral Flowmon Probe for native
collection of L2/L4 information along with L7
statistical data and more external Probes can
be added as needed.
Collector deployment options include turnkey
hardware rack-mount models, installation on
cloud services such as AWS, Azure and Google
Cloud Platform or virtualisation on VMware,
Hyper-V and KVM hosts. We chose our
VMware vSphere host and swiftly deployed the
Collector using the supplied OVF template,
placed our Probe monitoring ports on separate
vSwitches and dedicated physical adapters with
promiscuous mode enabled and cabled them
to our switch span ports.
The web console's home page provides easy
access to the Flowmon Monitoring Center
(FMC) which manages flow sources, provides
traffic graphs for each one and offers an Analysis
section for drilling down for more information.
The smart Chapters feature combines profiles
and source data channels to present information
on areas such as problematic connections, top
talkers, L7 analysis for service usage and, of
course, cloud flow monitoring.
Configuring AWS cloud monitoring was a
lengthy process but the detailed documentation
and assistance from Progress' knowledgeable
support staff helped us over any hurdles. Once
we had AWS IAM access, EC2 instance
network interface flow logging and an Amazon
CloudWatch log group configured, we used
FCC to enable AWS flow logs and watched as
FMC spotted the new source for the monitored
Linux instance.
The Dashboard and Report console presents
an incredible amount of graphical information,
and widgets allow it to be easily customised to
your requirements. We added a Chapter for the
AWS source, used it to create a new widget and
after dragging it to a prominent position on our
dashboard, could see all traffic and IP addresses
related to our EC2 instance and set monitoring
periods of between one hour and three months.
Progress Flowmon is the perfect partner for
NetOps and SecOps teams as it provides a
stunning amount of information on network,
service and application performance. Fully
centralised management makes it easy to
identify and analyse problem areas while the
native cloud flow monitoring services add
valuable new dimensions and keep cloud costs
to a minimum. NC
Product: Flowmon Collector 12.1
Supplier: Progress Software
Website: www.flowmon.com
Sales: support@flowmon.com
WWW.NETWORKCOMPUTING.CO.UK AUGUST/SEPTEMBER 13
NETWORKcomputing
@NCMagAndAwards

OPINION: DIGITAL TRANSFORMATION
OVERSIGHT ABOVE I.T. TRANSFORMATION
EVERYONE IS TALKING ABOUT TRANSFORMATION IN THE I.T.
SPACE, BUT DO PROFESSIONALS HAVE COMPLETE VISIBILITY AS
TO WHICH DEVICES, SYSTEMS AND APPLICATIONS ARE
UNDERGOING THIS PROCESS? MAT CLOTHIER, CEO AT
CLOUDHOUSE GIVES US HIS TAKE
Digital transformation is nothing new, but
we are living through a period of
particularly rapid change. Internal and
external factors have combined to accelerate
this trend. The Covid pandemic brought with it
a seismic shift in the way people work and
consume products, and this change is here to
stay. Enterprises are busy making positive
changes, driven by a desire to provide best
levels of service to customers and ensure the
business remains fully compliant and resilient
in the face of change.
COMPLEXITIES OF THE CLOUD
Arguably the biggest transformation still
playing out in the IT industry is moving to the
cloud, with predictions that the global cloud
computing market will continue to grow at
pace to the end of 2028, as small and
medium enterprises make their migration and
businesses seek to improve efficiency with the
adoption of advanced technologies such as
big data, AI and machine learning.
Using multiple cloud providers has become
the standard for many organisations, with 80%
using both public and private clouds in a hybrid
model. The hybrid model offers agility and
competitive advantage, but having your IT
estate spread out in this way can create its own
problems. Maintaining oversight of all parts of
the estate is essential for resilience but can
prove complex and time consuming in practice.
While human resources in the business are
busy working on positive change, it's as crucial
to ensure that technology can enable
monitoring of those developments. With so
much at stake, monitoring is essential to
minimise disruption and ensure a seamless
customer experience. It is also an important
element in making sure regulatory standards
and compliance are maintained.
The risks of breaching regulatory
compliance, with the potential consequences
of legal action and fines, as well as
reputational damage, are well documented.
For example, data for 2021 shows that data
breach costs rose to an average total of
$4.24 million, the highest ever recorded - but
the same report noted that costs were
significantly higher for organisations that
lagged in areas such as security AI and
automation and cloud security. And the costs
are not just financial: there is huge potential
for reputational damage. For those operating
in highly regulated industries, such as finance
and healthcare, the consequences of
breaching regulatory compliance can be even
more severe.
OVERSIGHT TOOLKIT
CTOs and CIOs, now more than ever, need to
keep on top of their IT transformation, monitor
change and have full oversight of their estates.
Being across so many things at once can be
daunting and laborious, especially for those
working with a matrix management structure.
So how can they best achieve oversight?
This is where configuration management
tools come to the fore. These tools give a toplevel
overview - a clear and unambiguous
assessment of every element of the full suite -
all in one place, and can find and fix
compliance and change management issues
quickly. They allow omnipresence, facilitating
best practice oversight over even the most
complex transformation projects.
Having all this information in one easy-toaccess
place also makes it easier to bring
teams together - particularly beneficial for
those working with a matrix management
structure. You won't miss a thing.
Change management is made simple as the
tools look at the different environments across
the estate and compare them, giving full
transparency on where you are on the journey
to migration. They allow oversight of the
tracking, testing and deployment of updates,
pre-empting issues before they arise. What's
more, they work across server, desktop and
network as well as multiple vendors, making
them ideal for those working with hybrid cloud
systems, giving full peace of mind.
Management tools not only identify issues
when they happen: they can also provide a
further layer of protection by allowing CTOs
and CIOs to take full control by setting policies
and permissions to pre-empt compliance
problems before they occur. Policies can be
created or selected from the Center for Internet
Security's 20 critical security controls, which
satisfy regulatory requirements like PCI and
SOX. This means companies can automatically
achieve compliance by setting policies
according to best practice configuration.
The automated health checks offered by
configuration management tools act as an
early warning system, building a company's
resilience by allowing them to act fast not just
when problems crop up, but by catching
misconfigurations before they can be
exploited. Configuration management tools
are a powerful addition to the CTO and CIO
toolkit. NC
14 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINON: NETWORK DOWNTIME
DOWNTIME DOLDRUMS AND SMART SOLUTIONS
ALAN STEWART-BROWN, VP EMEA AT OPENGEAR CONSIDERS THE
TOP TRENDS FOR NETWORKS THAT WANT TO STAY ONE STEP
AHEAD OF DOWNTIME
With hybrid working now becoming
the strategy of choice for numerous
businesses, many have had to
undertake a re-evaluation of their network
infrastructure to facilitate collaboration and
productivity while at home and in the office.
However, the road to integrated networks has
proven to be a bumpy ride. As more firms
leverage IoT and smart devices, this
increases the risk of disruptive downtime due
to the increased strain on networks. So what
trends are allowing businesses and their
engineers to effectively escape the downtime
doldrums?
THE CONSTANT THREAT TO UPTIME
Network outages are nothing new, but in
2021, downtime managed to impact some
of the largest enterprises in the world. Even
social media giant Meta was impacted
globally for almost six hours over two days in
October 2021, affecting access to
Facebook, Instagram and WhatsApp. While
detrimental to the technology firm, it also had
ramifications for the people and businesses
around the world that rely on its services.
The biggest causes of downtime for
enterprises will typically be software upgrades
gone wrong, cyber attacks or
misconfiguration errors, such as when writing
a configuration file. The issue is also
compounded by the widespread adoption of
IoT devices. Due to constant connectivity
being needed, any outage will also affect
these endpoints.
Content delivery networks (CDNs) are also
under sharp focus due to their role in
improving site performance and user
experience. Software configuration updates
can trigger bugs in such systems and lead to
severe disruption. In a handful of cases,
natural disasters can prove catastrophic to
intercontinental global data traffic, proving
the fragility of the interconnected world.
However, with correctly chosen solutions,
businesses are able to manage their
infrastructure remotely and securely,
minimising downtime as much as possible.
With today's network challenges,
organisations require access to advanced
technologies to streamline their operations
and agile tools to provide insights into
virtualised environments.
KEEPING DOWNTIME AT BAY
At the core of keeping downtime at a
minimum is an independent management
plane, which essentially allows engineering
teams to roll-back or undo any inadvertently
uptime-threatening actions. This is part of a
wider Smart Out-of-Band management
setup, which unlike In-Band solutions, allows
network engineers to securely connect to
remote equipment during an outage.
Engineers can then also lock down the most
critical functions on the production network
to prevent access from other users.
Smart Out-of-Band interfaces can also be
paired with Failover to Cellular. These
capabilities use 4G LTE, so in the case of
disruption, engineers can leverage bandwidth
to access critical applications when
undergoing issue remediation, even when the
primary network is down. This bandwidth not
only provides the remote access to determine
the root cause of an outage, but also acts as
a path for remote site production network
traffic, ensuring network resilience.
TOWARDS NETOPS AUTOMATION
Another aspect of maintaining uptime is via
the adoption of a NetOps approach for
growing, virtualised environments. Across the
hybrid workforce, it's more important than
ever for enterprises to be able to automate
certain processes, such as the testing of
network processes for latency purposes or
securely provisioning new sites. NetOps
makes this possible, with a growing
awareness of its benefits among businesses
and IT departments.
The NetOps approach provides advantages
such as upskilling and business efficiency,
with opportunities for employees to build
programming skills in Python and
understanding of Docker containers, plus
other commonly used toolsets such as Chef,
Puppet and Ansible. Together with the
independent management plane, NetOps
automation ultimately helps reduce the threat
of downtime and ensures business continuity.
KEEPING THE NETWORK UP AND
RUNNING
Outages ultimately lead to organisations
losing money and can have a significant
impact on industry reputation. The hybrid
working era has required businesses to be
more agile and offer a network that's secure,
connected, and scalable for employees to
benefit, regardless of where they are based.
To ensure downtime is kept to a minimum,
enterprises need to be proactive in securing
their network resilience with trending
technologies such as the independent
management plane, Smart Out-of-Band
technologies and NetOps to ensure optimum
business continuity and keep the network up
and running. NC
WWW.NETWORKCOMPUTING.CO.UK AUGUST/SEPTEMBER 15
NETWORKcomputing
@NCMagAndAwards

SECURITY UPDATE
HOW TO INCREASE SECURITY VIA A ZERO TRUST ARCHITECTURE
AS CYBERCRIMINALS CONTINUE TO DEVELOP NEW ATTACK TECHNIQUES AND BECOME MORE
SOPHISTICATED, THE TRADITIONAL NOTION OF A STRONG EXTERNAL
PERIMETER BEING THE BEST - AND OFTEN ONLY - DEFENCE
AGAINST COMPROMISE HAS SHOWN ITSELF TO BE
INADEQUATE. SANJAY RADIA, CHIEF SOLUTIONS
ARCHITECT AT NETSCOUT EXPLAINS WHY
Nowadays,
perimeter-based
network access
controls are unable to detect or prevent
compromise, as vectors of attack have
evolved and the threat surface continues
to grow. Evidence of this can be seen
with direct attacks, such as the recent
log4j vulnerability, as well as indirect
attacks, an example of which is phishing
with malware. Prevention at the edge has
been the saviour side of the arms race
but has always, and will always, come in
second place.
Things get worse when we consider the
implicit security assumption that
everything inside an organisation's
network is trustworthy. This means that if
threat actors are on the network, they
have the ability to move laterally within it
- allowing them to seek further
compromise. The concept of a Zero Trust
architecture was introduced to allow
services that drive digital transformation,
while improving the network's security
posture.
ZERO TRUST
The National Cyber Security Centre's
16 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

SECURITY UPDATE
(NCSC) Zero Trust design principles
present a new method of solving an ageold
problem - securing networks and
information. As a result, organisations of
all sizes are rethinking their security
architecture, processes, and procedures
to adopt Zero Trust features.
According to the NCSC, "Zero Trust is an
architectural approach where inherent
trust in the network is removed, the
network is assumed hostile and each
request is verified based on an access
policy". In order for a request to be
deemed trustworthy, context must be
sought. This relies on a number of factors,
including strong authentication,
authorisation, the health of the device,
and the value of accessible data.
An example of a Zero Trust approach is
multifactor authentication (MFA). MFA
adds an extra layer of security by
requiring additional factors to prove
the identity of users. For example,
users may be required to scan their
fingerprint or confirm a PIN sent to
their device before they can access a
resource. From a Zero Trust architecture
perspective, MFA is utilised as a doublecheck
against its own security measures,
ensuring that users are indeed who they
are claiming to be. This significantly
reduces the possibility of bad actors using
compromised credentials to access data,
devices and systems.
CREATING A SAFER, MORE SECURE
ENVIRONMENT
The Zero Trust model can be easily
visualised as a set of pillars representing
different security areas, such as devices,
applications, and users. Beneath all of
these pillars lie the foundational aspects
of a Zero Trust architecture. These are:
analytics, visibility, automation, and
governance.
Zero Trust adoption is a gradual and
continual process. As enterprises begin to
refine their architectures, their solutions
become increasingly reliant on
comprehensive visibility and monitoring,
automated processes, and systems, in
addition to becoming closer to full
integration across all of the pillars. This
enables organisations to be more
dynamic in their decisions around policy
implementation.
Implementing and developing a Zero Trust
architecture takes time. The architecture will
continue to develop as policies, processes
and tooling are upgraded. Nevertheless,
verification and ongoing auditing of Zero
Trust models is vital to knowing and
demonstrating that an organisation's
security measures are working.
A key characteristic of a Zero Trust
architecture is that it comes with no false
sense of security. In traditional perimeterbased
models, anything taking place
inside the network is considered
trustworthy, due to the assumption that
any users or activities taking place in the
network have already passed
authentication and are authorised to be
there. Therefore, this architecture
assumes that insiders are never
dangerous or destructive and that
perimeter security is faultless.
However, there are obvious flaws with
this model. There are numerous scenarios
in which users and events inside your
perimeter shouldn't be trusted - for
example, when a cybercriminal has
gained access using compromised
credentials, enabling them to abuse
privileges or move laterally through the
network. A Zero Trust architecture
prioritises protection against potential
insider threats, thus preventing a situation
like this from unfolding.
VISIBLE BENEFITS
When it comes to implementing a Zero
Trust architecture, comprehensive visibility
of the entire network is a requirement for
all organisations. This ensures that the
Zero Trust model is effective. In addition,
the architecture should contain network
taps to mirror traffic from the wire, as well
as a tool that is capable of replicating
and distributing packets to existing
cybersecurity monitoring tools.
Only with this level of visibility will
enterprises be able to detect potential
threats, view historical usage, trace
interconnected devices, and assist in
orchestrating mitigation through
Application Programming Interfaces
(APIs). Additionally, organisations should
have the capacity to utilise protection
groups so as to classify networks, servers
and services based on the risk posed to
them. This will allow for the rapid
adoption of a Zero Trust architecture.
Whether an organisation is just starting
out on its Zero Trust implementation
journey, or is are already well on its way,
it is vital to ensure visibility and analytics
are major components within the
detection and validation of their Zero
Trust architecture design. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards AUGUST/SEPTEMBER 2022 NETWORKcomputing 17

SECURITY UPDATE
STAY AWARE OF RANSOMWARE
RANSOMWARE ATTACKS ARE GROWING IN COST AND
FREQUENCY. FLORIAN MALECKI, EXECUTIVE VICE
PRESIDENT MARKETING, ARCSERVE OFFERS 5 STEPS THAT
COMPANIES SHOULD TAKE TO PROTECT THEMSELVES
Ransomware attacks continue to impact
organisations worldwide - and the
costs are staggering. A new global
survey of over 1,100 IT decision-makers at
small and midsize companies found that
50% had been targeted by a ransomware
attack, with 35% asked to pay over
$100,000 in ransom, and 20% asked to
pay between $1 million and $10 million. In
the UK, 50% of respondents said they had
no choice but to pay the ransom.
These numbers are not expected to
improve soon. The sad truth is that, despite
spending billions on cybersecurity tools,
businesses are still poorly prepared for
ransomware attacks. Less than a quarter
(23%) of all respondents to the survey said
they're very confident in their ability to
recover lost data in the event of a
ransomware attack. Smaller businesses are
even less well prepared. Under 20% are
very confident in their ability to recover lost
data in the event of a ransomware attack.
Meanwhile, the attack surface continues
to expand as organisations using
technologies like IoT, artificial intelligence,
and 5G generate even more data - data
that can be compromised and held captive
by ransomware attackers. Remote working
adds to this attack surface. 65% of UK
respondents said they didn't have a
backup and recovery plan for all their
remote workers.
For this reason, companies must take a
new approach to data resilience. They must
strengthen their disaster recovery strategies,
backup systems, and immutable storage
solutions to prevent the loss of missioncritical
data.
Many are. The survey found that 92% of
organisations are making additional
investments to protect against ransomware
attacks, with the top areas of investment
being security software (64%), training
and certification (50%), and managed
services (43%).
While these investments are encouraging
more should be done as, for most
companies, it's not a matter of if their data
will be compromised; it's a matter of when.
With ransomware attacks increasing yearly,
data backup and recovery should be at the
very top of every organisation's priority list.
Here are five steps businesses can take
18 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

SECURITY UPDATE
now to reduce their exposure to
ransomware and avoid staggering losses.
1: Educate employees
It's essential to invest in training for staff so
that they're aware of how ransomware
works. From there, employees will be better
prepared to recognise and prevent it. They
should know that ransomware can sneak in
from anywhere. The training should remind
them to scrutinise every link in emails and
not open attachments in unsolicited emails.
Employees should be reminded to only
download software - especially free - from
websites they know and trust.When
possible, employees should verify the
integrity of downloaded software through a
digital signature before execution.
2: Focus on cures as well as prevention
Companies continue to invest loads of
money in cybersecurity solutions like nextgeneration
firewalls and extended detection
and response (XDR) systems designed to
prevent attacks. Yet these same companies
are still falling prey to ransomware and
being forced to pay a hefty price.
It's time for companies to stop focusing
entirely on prevention. They should also
invest in curative measures like backup &
recovery and immutable storage that allow
them to quickly restore their data and
avoid paying the ransom when attackers
break in.
Regular data backups and encryption play
a key role in protecting an organisation's
data. A consistent backup schedule will
enable you to seamlessly restore any
compromised systems or data. Encrypting
your sensitive data is also highly
recommended. After all, if ransomware
attackers gain access to your critical assets,
encryption has the benefit of keeping data
from being read and further exploited by
the bad guys.
3: Place a premium on data resilience
Your data resilience is only as strong as
your weakest link. Monitor your
weaknesses, fix them when you find them,
and you can bounce back quickly from
disruption and return to normal operation.
To do this, you must have the technologies
required to back up your data and recover
it if necessary, along with the proper
mindset. That means a defensive posture is
regularly sustained with drills that simulate
an intrusion to measure your resiliency and
bolster it where necessary.
Many companies develop a strategy and
then neglect to test it. That's like a basketball
team devising a sophisticated defense and
never bothering to practice it. All companies
should regularly test their data backup and
recovery plans to ensure they can effectively
restore their data and systems if an attack or
natural disaster occurs.
4: Know what data is most critical
Data varies in value. If you're concerned
about costs, as most organisations are these
days, you don't have to store or back up all
your data in the same place. Look into
storage solutions that provide options like
data tiering. These enable you to place lessimportant
data in less-expensive levels of
storage or "tiers."
Another upside of data tiering is lower
energy costs. You'll use less compute power
if you're not storing every last byte of your
data at the highest security level.
5: Put a disaster-recovery plan in place
Despite all the preventive measures you
take, you need to prepare for the possibility
that you will get hit. So, it would be best if
you had a disaster recovery plan. You need
to be able to back up data as often as is
appropriate-ideally every 15 minutes for
critical data. You also need to easily verify
that your whole environment is backed up,
including your remote workers and any
SaaS applications you use, such as
Microsoft 365.
A good disaster-recovery solution will back
up your data to a location of your choice
and on a schedule that suits you. It will also
be easy to test, which is crucial because
testing is the only way you can validate that
your recovery-time goals can be met. It may
seem obvious, but this is where a lot of
solutions fall short. Your disaster-recovery
solution must be able to recover your data
every time and on time. When ransomware
hits, you want to be confident you can
recover your data and get on with business
as soon as possible.
FINAL TAKEAWAY
There is no perfect defense against
ransomware. The best approach is a
multilayered one that includes educating
your staff, investing in reliable data backup
& recovery and immutable storage solutions,
and having a robust disaster recovery plan.
That's how organisations can stay ahead of
this growing threat and protect their data
and bottom line. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards AUGUST/SEPTEMBER 2022 NETWORKcomputing 19

FEATURE: WAN PERFORMANCE
WHY CISOs MUST NOW EMBRACE SD-WAN
SIMON HILL, HEAD OF LEGAL & COMPLIANCE AT CERTES NETWORKS INSISTS THAT
IT’S TIME FOR CISOs TO TAKE A LEAD ROLE IN THE DIGITAL TRANSFORMATION
PROCESS - OR RISK BEING SIDELINED FOR GOOD
Digital transformation has become a
business imperative, yet rather than
pulling together to enable essential
change, the friction between network and
security teams is increasing. The business
needs to move away from data centres and
traditional Wide Area Networks (WAN) to
exploit the cost, flexibility and agility
provided by the cloud and Software Defined
WANs (SD-WAN). Chief Information
Security Officers (CISOs), especially those
working in regulated industries, insist the
risks associated with public infrastructure
are too high. Stalemate.
Until now. Organisations are pressing
ahead with digital transformation plans
and excluding the CISO from the
conversation. But at what cost? Who is
assessing the implications for regulatory
compliance? At what point will the Chief
Risk Officer prohibit the use of the SD-
WAN for sensitive data, leaving the
business running legacy and new
infrastructure side by side, fundamentally
undermining the entire digital
transformation project?
A new attitude is urgently required, one
based on collaboration, understanding
and a recognition that a Zero Trust security
posture can safeguard even the most
sensitive data, while unlocking all the
benefits associated with SD-WAN.
ACCEPT CHANGE
CISOs need to face up to the fact that
digital transformation is happening - with
or without them. Organisations need to
embrace the agility, flexibility and cost
benefits offered by the cloud, by Softwareas-a-Service
and, critically, the shift from
expensive WAN technology to SD-WAN.
For CISOs, while the migration to SD-
WAN extends the attack surface, adding
unacceptable data vulnerability, saying no
is not an option any more. CISOs risk
being left out of the digital transformation
loop - and that is not only adding
significant corporate risk but also
compromising the expected benefits of this
essential technology investment.
Network and IT teams are pressing
ahead, insisting the risk is acceptable.
How do they know? For any organisation,
this is a dangerous compromise: critical
risk decisions are being taken by
individuals who have no understanding of
the full implications. For those
organisations operating in regulated
industries, these decisions could result in
an exposure to $10s millions, even $100s
millions of penalties.
Failure to embed security within the initial
digital transformation strategy is also
compromising progress. What happens
when the CISO or Chief Risk Officer
discovers the business is in the process of
migrating from the old WAN to a new SD-
WAN environment? Suddenly the brakes
are on, and the call is for sensitive data to
be encrypted before it hits the network.
Adding Internet Protocol Security (IPsec)
tunnels will degrade performance - so the
business is then stuck using the legacy
WAN for data connectivity while still
paying for the SD-WAN and failing to gain
any of the agility or cost benefits. More
frustration and friction between teams that
should be working together to support
business goals.
DRIVE CHANGE
Security is a fundamental component of
digital transformation - indeed of
corporate operating strategy. Rather than
avoiding change, CISOs have a
responsibility not only to secure the
organisation but to proactively advocate
change, with security as the key enabler of
digital transformation.
20 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

FEATURE: WAN PERFORMANCE
Digital transformation does not by
default create an inherently insecure
environment - but it will require
organisations to, somewhat belatedly,
embrace a Zero Trust model. It has been
clear for many years that there is no
correlation between ownership and trust.
Just because a company owns
infrastructure and assets does not
automatically infer total trust over data
security. Similarly, infrastructure outside
the business is not inherently
untrustworthy.
The key is to build trust into a secure
overlay to protect data that will allow a
business to operate across any
infrastructure, whether it is owned or public.
A High Assurance SD-WAN overlay, for
example, uses crypto-segmentation to
protect and ensure the integrity of
sensitive data. With this Zero Trust
approach, High Assurance SD-WAN
means whether the network is public or
private, trusted or untrusted, is irrelevant:
the data security team simply needs to
define the policy and, with ownership of
the cryptography keys, can be confident
that data is protected at all times
wherever it goes.
WORKING TOGETHER
Adopting a Zero Trust security posture
changes the outlook for CISOs - and
provides a foundation for vital
collaboration with the networking and IT
teams. With confidence that the data is
secure regardless of network location,
everyone involved in digital
transformation can achieve their goals: IT
and network teams can embrace the
flexibility and agility of the cloud, SaaS
and SD-WAN, while the security team still
has control of the security posture.
This can only be achieved if the business
embraces a different mindset. It is
essential to think about security by design
from the outset - and to break down the
barriers between network, IT and security.
The introduction of the Secure Access
Service Edge (SASE) framework provides
clear guidelines for the convergence of
these teams to drive additional business
value but the onus - and opportunity - lies
with the CISO to ensure the entire
organisation truly understands the digital
transformation objectives.
This also demands an essential shift
away from a regulatory compliance
focused security posture - something that
is inherently flawed due to the
impossibility of creating regulations that
keep up with the ever changing security
threats - towards a truly business driven
approach. Working together to plan the
digital transformation process may take a
little more time up front but it will result in
a secure foundation that will remove any
constraints to innovation and agility.
CONCLUSION
It is time for CISOs to change. There is no
value in endlessly blocking essential new
technology projects; and no upside in
being excluded from vital plans as a
result. By taking a proactive stance and
driving digital transformation strategies,
CISOs can redefine the role, become a
key strategic player within the business
and act as an enabler, rather than a
constraint, to operational success. It is
time to find a way to say yes to secure
digital transformation - without
compromise. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards AUGUST/SEPTEMBER 2022 NETWORKcomputing 21

OPINION: SASE
THE SASE APPROACH TO NETWORK SPRAWL
SPRAWLING NETWORKS AND LONG LEAD TIMES - IS THERE ANOTHER APPROACH WE CAN TAKE?
JUSTIN DAY, CEO AND CO-FOUNDER OF CLOUD GATEWAY, SHOWS US THE WAY
There's no denying that, post-pandemic, IT
teams are more focused on architectures
and investments to help them better
manage change, whilst delivering seamless
experiences and keeping their organisation's
infrastructure secure. However, for many
organisations their digital estate has expanded,
with an increasing number of cloud-based
technologies and services provided by multiple
suppliers, with multiple agreements to monitor
and manage.
The thing is, getting cloud services up and
running isn't the end goal for IT teams. They
understand that the real aim is to easily
connect and secure all the organisation's
resources, data and users in an agile, cost
effective and scalable manner.
GRADUAL CHANGE IS ACHIEVABLE
Many organisations still use legacy technologies
and networks that stifle growth, leaving IT teams
with hard-to-manage siloed technologies and a
more complex route to cloud adoption. Change
shouldn't be feared. While the larger telecoms
providers will tell their customers to stick out the
current chip shortage, there are gradual steps
that can be taken to remove dependence on
legacy networks. The key takeaway here is that
gradual change is achievable and acting now is
a positive way to stop adding to technical debt.
It's important to point out that migrating
applications to a cloud infrastructure requires
scale and performance. Achieving this can be
challenging due to limited visibility into the
network and the fact that each platform has
proprietary controls for networking and security.
This is where taking a different approach can
be beneficial. By consolidating multiple network
and security solutions into a single, cloud native
managed service, organisations can build a
digital foundation that will deliver greater agility,
flexibility and choice for the business. This
framework, known as Secure Access Service
Edge (SASE) allows IT teams to reach that goal
of eliminating the time and costs involved with
unnecessary network complexity and managing
multiple vendor contracts.
The components of SASE are not new, rather
they are well-established technologies that have
been around for a long time. Software-defined
wide-area network (SD-WAN), Secure Web
Gateway (SWG), Cloud Access Security Broker
(CASB), Firewall-as-a-service, and Zero Trust
network access (ZTNA). However, the SASE
approach takes this collection of technologies to
deliver a fresh, modern networking solution -
one that supports increased traffic, improves real
time communications, delivers secure cloud
connectivity and facilitates digital growth. This
reduces the administrative burden on IT teams
and facilitates cost savings compared to
traditional networking infrastructure.
With SASE, all traffic - no matter where it
originates from - can be tracked, cleansed, and
recorded. This level of detail provides
organisations with full control over which cloud,
technology and connectivity providers are
utilised. This means the right tool or
technologies can be selected in a timescale and
budget that meets their individual requirements.
Ineffective or expensive services and
infrastructure can be phased out more easily
and as the needs of the organisation evolve,
there is no reason to be tied to a vendor who is
delaying the project or isn't innovating.
EMBRACING CHANGE
SASE is all about enabling a simple and secure
access experience. Organisations need the
ability to provision scalable, secure connectivity
between their physical sites, on premise and
cloud environments, partner ecosystems and
remote workers. SASE delivers network and
connectivity solutions that behave and act like
the cloud, so that IT teams can get a site,
application or service online within minutes
rather than waiting weeks or months. As new
technologies emerge, a SASE approach can
deliver the scalability needed alongside a
solution that protects against data breaches and
threats, whilst also providing complete visibility
of the network, users and data for an optimised
user experience.
For most organisations, the skills and resources
needed to effectively manage their network and
security operations are in short supply. Look for a
partner that is well-versed in the movement of
critical data and secures it in transit, one that can
support you with the tools to future-proof
performance, reliability and the security of your
network. That way, no matter where you are in
your journey you can rely on your partner to help
you adopt SASE in a phased manner, at a pace
that suits your organisation, and which doesn't
cause disruption to staff or customers. NC
22 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

EVENT ORGANISERS:
Do you have something coming up that may
interest readers of Network Computing?
Contact dave.bonner@btc.co.uk
FORTHCOMING EVENTS
FORTHCOMING EVENTS
2022
FORTHCOMING EVENTS
27-28
SEPT
06
OCT
20
OCT
16-17
NOV
INTERNATIONAL CYBER EXPO
Olympia, London
www.internationalcyberexpo.com
CIO/CISO UK SUMMIT
Etihad Stadium, Manchester
https://bit.ly/3z7gRcc
CIO/CISO FRANCE SUMMIT
Paris, France
https://bit.ly/3IDLSHI
DATACENTRES IRELAND
RDS Dublin
www.datacentres-ireland.com

FEATURE: WAN PERFORMANCE
WAN ACCELERATION OR EDGE COMPUTING?
DAVID TROSSELL, CEO AND CTO OF BRIDGEWORKS, ON DELIVERING HIGHER WAN PERFORMANCE
The effects of the pandemic over the past
couple of years has hastened the move
towards digital transformation and the
cloud for many companies. Organisations
concerned for the safety of their personnel and
what shape organisations will look like in the
future, moved from a traditional capital
expenditure (CapEx) model, to a work from
home and operational expenditure- (OpEx)
based SAAS model. At the same time, there is
a push for IoT devices to monitor and manage
many aspects of our daily lives.
Asynchronous IoT devices only monitor and
report. Many of them are semi-synchronous,
meaning that they not only monitor but also
manage resolutions. However, they are not
time critical. Then there are the IoT devices that
offer fully synchronous monitoring, and which
enact resolutions immediately. These typically
use the cloud for reporting back to a central
collection and decision point. However, we are
seeing more sophisticated IoT applications that
are latency-sensitive and require considerably
more computing resources.
To support the time-sensitive aspect, many
have added an intermediate computing node
between the IoT device and the central cloud
compute and storage node. This can be on
premise of a locally-managed service provider.
CAPTURING DIGITAL
TRANSFORMATION
Laura LaBerge, a director at McKinsey &
Company of capabilities for digital strategy;
Kate Smaje, a senior partner; and Rodney
Zemmel, a senior partner at the firm, write in
their analysis of a survey entitled, 'Three new
mandates for capturing a digital
transformation's full value': "As organisations
continue to navigate an era of massive
uncertainty and disruption, digital tech is an
increasingly critical differentiator of both
strategy and performance. The actions of
today's best-performing companies reflect that
fact. For all other companies, three lessons
emerge: use digital tech to achieve strategic
differentiation on customer engagement and
innovation; build proprietary assets, such as
software, data and AI, then combine them with
a scalable, cloud-based architecture to create
a strategic advantage; and focus the quest for
digital talent on C-suite and other executives,
given the talent integration challenges that
many companies continue to face."
EDGE CONCERNS REMAIN
Part of the digital transformation equation -
particularly with the rise of the Internet of
Things - is the growing use of edge computing.
But while the pandemic has certainly led to a
growth in edge and fog computing, as with
digital transformation itself, some concerns
remain. With edge computing, there is an
increased number of attack points open to
cyber-attacks. Also, the distance from the IoT
devices creates limitations, and so there is a
need to put computing power into the edge
computing environment because of latency.
Nevertheless, much still depends on where the
'edge' is, and it very much depends on the
communications infrastructure. That aside, with
more storage and compute capacity at the
edge, organisations can implement AI
functionality, further reducing the workload at
the central cloud compute node.
With latency being a concern, to what extent
does edge computing rely on artificial
intelligence and machine learning to boost
WAN performance? Well, for example, the
pandemic has reshaped the way in which we
now consume entertainment. There has been a
massive transition from free to air television,
24 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

FEATURE: WAN PERFORMANCE
cable TV and cinema to streaming services
over the internet directly to the home. At
present, autonomous vehicles are also
nascent, and their foretold prediction is coming
to fruition. Whilst streaming services are a big
consumer of bandwidth, the individual data
volume and speeds are not that great. It's the
new high-volume applications that are causing
problems in transmission times both to and
from the edge. Even with edge undertaking
data validation, there are massive amounts of
data involved with each connected and
autonomous vehicle.
Traditional methods using compression and
deduplication techniques will struggle to move
this data between and across clouds - with
their inherent latency issues, as well as
requiring heavy compute capabilities. The only
option that can move this volume of data with
low compute overheads is WAN optimisation
that uses AI to manage the data flow. However,
it isn't capable of transferring encrypted data,
nor does it completely fulfil its promise in terms
of improving WAN performance.
WAN ACCELERATION BOOST
WAN Acceleration is, therefore, the answer,
and it's needed where you have a lot of data -
including where there is a certain amount of
edge computation that needs to go back to a
central location. That data includes what is
received and transmitted to and from
connected and autonomous vehicles, road
and smart city infrastructure.
There are two key factors that affect data
transmission over long distances - latency and
packet loss. Bandwidth is a factor as well, but
past 10-15ms of latency. So, adding more
bandwidth has little effect on data throughput.
WAN Optimisation, which uses dedupe
technology, is a great system if you are
transmitting data that you have already seen
(warm data), and when you have compressible
data streams. If the data is "new" (cold data),
then the process is typically slow. Every byte
sequence has to be inspected. With cloud data
that is transmitted over the internet, encryption
is a must. If the data is already encrypted then
WAN optimisation can only optimise the data if
it has the keys - it first has to decrypt, optimise
and re encrypt before it can transmit the data.
Storage and power means it requires a larger
edge node and therefore can increase costs.
WAN optimisation and compression
manipulate the data. WAN Acceleration
approaches the issue from a different angle:
the only way to reduce latency is to move the
two nodes physically closer together. So,
rather than manipulate the data, it manages
the data flow across the connection to
mitigate the effects of latency and packet loss
by using parallel data streams across the
network managed by AI. Utilisation and,
therefore, throughput, is 90%+ of the
network bandwidth.
As the data is not manipulated in any way, the
process is data agnostic and means there is no
need to provide keys. WAN Acceleration is
data agnostic and can transmit encrypted data.
So, the transmission rate is the same as every
other data type. Companies looking to deploy
digital transformation, edge computing, IoT
and the analysis of Big Data could benefit from
WAN Acceleration.
HIGHER WAN PERFORMANCE
My top 4 tips for achieving higher WAN
performance to enable the innovation for
digital transformation, edge computing and
IoT as a result of this are:
1. Remember that throwing more bandwidth at
latency and packet loss won't increase WAN
performance. This very rarely solves the issue
and only increases your cost. If your
throughput requirements aren't high and your
data is compressible, think about implementing
SD-WANs. Many of these have encryption and
WAN optimisation options.
2. Avoid, if possible, solutions that use UDP
as the transmission protocol. It tends to be
CPU intensive as it is trying to replicate a
TCP/IP protocol and tends to have a low
bandwidth capability - again increasing the
cloud node costs.
3. If your data is uncompressible or
encrypted and you have high latency links
with packet loss, the WAN Acceleration is an
optimum choice.
4. If network performance is key, select your
edge and central node capability on
network capacity.
Ryan Perera, Vice President, Asia Content &
Subsea Networks at Ciena, claims that the
world is now operating on a distributed cloud
computing environment. Consumer workloads,
enterprise workloads, and now even telco's
internal function workloads are being moved
to the cloud: public, private, hybrid; then there
is also the growth of edge computing.
"Edge computing is an important part of this
distributed cloud computing
environment…[and it is] a natural extension of
the core cloud", he writes in his article for The
Economic Times' Telecom supplement. He
believes there are several key macro trends that
will impact on the distributed cloud computing
world. They include the advent of 5G, the rise
in residential networks demand and the high
traffic across data centres.
In addition to his own predictions, it's
important to remember that when there are
multiple edge instances, SD-WANs are a great
technology. Bridgeworks has proved this with
one large, international IT security company,
and it has been shown that SD-WANs and
WAN Acceleration are very complementary.
They can work well together to support digital
transformation, IoT, cloud and edge
computing. SD-WAN performance is increased
with an overlay of WAN Acceleration with
solutions, such as PORTrockIT. To summarise, it
is not always an either-or case. Technologies
can complement each other. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards AUGUST/SEPTEMBER 2022 NETWORKcomputing 25

OPINION: IOT
HOW THE INTERNET OF THINGS IS
REACHING MATURITY
AFTER MANY YEARS OF HYPE, THE INTERNET OF THINGS (IOT) IS
FINALLY MATURING TO A POINT WHERE ORGANISATIONS ARE
TURNING STRATEGIES INTO REALITY AND PLANNING INTO ACTION,
ACCORDING TO PHIL BEECHER, CEO AND PRESIDENT, WI-SUN
ALLIANCE
This maturing of IoT comes across clearly
in Wi-SUN's recent IoT research study, a
follow up to the one we published in
2017. It's clear that IoT is a much bigger IT
priority for organisations than it was five years
ago. Half of the research sample - IT decision
makers in UK and US organisations across a
range of industries - view IoT enablement as a
top three priority for the next 12 months. It's
also most likely to be the single top priority
among respondents.
Implementations and the technology itself are
maturing and ambitions are growing. Decision
makers see their peers benefitting from IoT
initiatives and are looking increasingly to the
technology to differentiate themselves in the
market. More than 90% of respondents believe
that they must invest in IoT over the next 12
months to remain competitive.
IoT can help to make them more agile - a
key driver for adoption. This equips users to
meet volatile operating conditions during a
pandemic that has changed the operating
rules, and new challenges we face in a rapidly
changing world.
Businesses and public sector bodies need to
enhance their user experiences, both internally
and externally, as they look for new ways to
engage people in no-touch and remote
environments. This is especially true for smart
cities, which must find safe ways for
increasingly dense populations to co-exist
alongside each other.
CHANGING IOT INITIATIVES
Overall, plans to roll out IoT initiatives have
grown. In 2017, respondents were asked
about their plans to implement a series of
different IoT-related projects, and the
proportion stating that their organisation was
'very likely' or 'definitely' going to deploy them
within 12-18 months ranged from 57%-77%
across various projects. In 2022, this rose to
72%-87%.
While the use cases for utilities, including
distribution automation and advanced meter
infrastructure, remain popular, we are starting
to see new opportunities emerge both for
smart utility and smart city environments. Waste
management sensors, for example, which
could monitor bins and alert councils when
they need emptying.
With more vehicles on our roads and traffic
congestion a growing problem, it's no surprise
that traffic management is an area of
increased focus for smart cities adopting IoT.
More organisations are planning to implement
traffic lights and controls, with an 18%
increase, while smart parking saw the biggest
rise since 2017, with 77% planning to deploy
this, compared to 57% in 2017. It's clear from
the report that environmental and
sustainability-focused use cases are also
moving up the IoT priority list, particularly for
smart city initiatives.
With the global urban population predicted
to more than double by 2050, according to
the World Bank, we will see smart technology
playing an increasingly important role. This
includes devices like pollution sensors that
monitor air quality, acoustic sensors that
measure noise levels, and an electric vehicle
charging infrastructure that can cope with
growing demand for electric vehicles.
Two new initiatives on our list for 2022,
include water loss/leak detection and
mandatory carbon monitoring, with three in
four organisations planning to implement
these. The opportunities for savings and
increased efficiency in some of these use cases
are high.
But it's not just about environmental
26 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION: IOT
outcomes and efficiencies. Large-scale
streetlighting projects are being rolled out
across many cities, with three-quarters of
respondents planning to deploy streetlighting
projects in the next 12-18 months, up from
61% in 2017.
Such initiatives enable city developers and
municipalities not only to control energy usage
and costs across large installations, but also to
maintain safety and security for residents and
workers. Almost one in eight respondents in our
report cite improving citizen safety and quality
of life as a top driver for implementation.
DRIVERS TO IOT ADOPTION
When it comes to drivers to adoption, cost
reduction is still the top one, but the
motivations for implementing the technology
are shifting. Just 6% of respondents rank
reduction of operational costs as their top
driver in 2022, compared to 16% five years
ago. The focus, it seems, has shifted largely to
the need for competitive advantage, which
perhaps demonstrates a maturing of IoT
business cases, with organisations reimagining
the technology as a way to stand out in a
highly competitive marketplace.
We introduced some new potential drivers
this year, and one stood out; improving agility
and the ability to react to the market,
reinforcing the shift from internal efficiencies to
a more external, user-focused approach.
We saw another marked change
demonstrating a shift from simple cost
management to more sophisticated drivers
affecting external stakeholders. One in ten
respondents say that their top reason for
implementing IoT initiatives and processes is
that "everyone is doing it or thinking of doing
it". Five years ago, only one respondent cited
this as a reason. There's a sea change
happening here; as more organisations deploy
successful IoT projects and demonstrate the
benefits of investing in this technology, others
are taking notice.
RECOGNISING THE CHALLENGES
The journey to IoT maturity isn't without
stumbling blocks, however. Smart cities, utilities
and others adopting IoT still face challenges
that prevent them from fully implementing the
technology, but even these are shifting as their
goals and understanding evolve.
Our study has highlighted some interesting
developments. While the number of
respondents reporting extreme difficulty in
implementing IoT went up slightly to 17% from
14% in 2017, the number of people
experiencing no challenges at all also went up
to 14% from 9% in 2017. These increased
numbers eroded the middle ground. Those
experiencing only moderate difficulty fell 12%
to 45% in 2022 compared to 57% five years
ago. This suggests that as IoT projects continue
to mature, adopters are becoming more adept
at solving the easier problems while the harder
ones remain, or sourcing expertise that can
help them along the right path.
While some of the barriers to adoption are
certainly easing, others are increasing, as
companies comprehend the full implications of
designing and deploying an IoT solution. One
that stands out is IT infrastructure complexity,
concerns over which have risen by 10% in the
last five years.
As organisations look to more sophisticated
use cases for IoT, integration challenges will
naturally arise. IT and IoT have different
technical and operating characteristics,
ranging from the scale of implementation to
the remote management challenges involved
in IoT projects and data aggregation. It's
understandable to see concerns as the
approach to IoT migrates from discrete
projects to more strategic initiatives.
The much-reported shortage of technical
talent is more evident as companies realise the
complexity of creating and integrating IoT
solutions. In 2017, 34% of respondents cited
recruiting sufficient IoT talent as a challenge.
This has now risen to 41% in the latest report.
In 2022 and in a post-pandemic period,
organisations are also less able to devote time
or resources to IoT solutions in the face of other
challenges. Over a third of respondents cite a
need to reprioritise spending due to COVID-
19. This has a direct impact on funding
projects, with 35% of respondents citing
pandemic-related budget cuts as an issue.
THE ADVANTAGE OF OPEN STANDARDS
The biggest change for IoT adopters is the
importance of industry-wide open standards.
One reason for this increased focus could be
expansion. Companies that enjoyed benefits
from IoT projects early on might have become
more confident in the technology and explored
other complementary projects. A city that
deploys a smart lighting canopy, for example,
can then use this distributed infrastructure as
an integration point for other IoT initiatives,
such as air quality sensors and traffic
management. Open standards make it easier
to integrate new IoT equipment and software
with existing infrastructure, while lowering the
cost of further deployments.
IoT adopters are also thinking more about
keeping their connectivity options open by
supporting multiple network topologies. In the
latest report, 68% prefer a hybrid network
topology, supporting both star and mesh
configurations, up from 58% five years ago,
reflecting a move towards mesh-based
networking. Star topologies lost significant
traction, with 12% preferring it exclusively in
2022, down from 21% in 2017.
Five years ago, the market was less mature
with many smart city and smart utility projects still
in their infancy. Our latest research shows that
organisations are becoming more ambitious
and more sophisticated in their thinking - IoT is
now a bigger priority than ever. NC
To see the full Wi-SUN alliance report visit
https://wi-sun.org/iot-maturity-model/
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards AUGUST/SEPTEMBER 2022 NETWORKcomputing 27

AWARDS 2022
SPONSORED BY:
Photo gallery: https://flic.kr/s/aHBqjzYZk6
YouTube: https://youtu.be/X6IL_D5o2YA
The Network Computing Awards strike back!
After being delayed due to the July
rail strikes (perhaps we should've
presented Network Rail with an
award for 'Most Disruptive Network') we're
very pleased to report that the 2022
Network Computing Awards took place
on July 21st at the Leonardo City Hotel in
London. While the disruption and
rescheduling ultimately affected the
number of guests and nominees able to
attend on the night there was still a great
atmosphere at the evening awards
ceremony, as talkSPORT's Paul Coyte
revealed this year's winners assisted by
Network Computing's David Bonner.
Our 2022 winners include Fluke
Networks, who won the New Product of
the Year award for the FiberLert live fiber
tester, Brigantia, who were named
Distributor of the Year, and ExaGrid, who
took home a trio of trophies including
Company of the Year.
Over the following pages you'll find a
complete round-up of all of this year's
winners and runners-up. We'd like to thank
everyone who took the time to nominate
and vote online, our awards sponsors, and
all of our guests and nominees on the
night, and offer our congratulations once
more to all of this year's winners. We hope
to see you all again next year - ideally
without any more train strikes!
www.networkcomputingawards.co.uk
28 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

AWARDS 2022
NETWORK INFRASTRUCTURE PRODUCT OF THE YEAR
WINNER: Zyxel Networks - Zyxel XS3800
RUNNER-UP: Extreme Networks - Extreme IQ Site Engine
The XS3800 switch is suitable for network aggregation such as SMB or campus network that require low latency and high-density 10G
backbone architectures with basic routing capability. There are 16 dedicated 10G fibre ports and 8 Multi-gigabit combo ports that can be
used as copper or fibre making it flexible for your networks. The XS3800 is also Nebula Flex Pro, which allows you to easily switch
standalone management and intuitive Nebula cloud management platform with 1-year Pro Pack bundled anytime, with just a few clicks.
DATA PROTECTION PRODUCT OF THE YEAR
WINNER: Veritas Technologies - Veritas Backup Exec
RUNNER-UP: Cohesity - Cohesity DataProtect
With Backup Exec, you get a simple, powerful solution that ensures your business-critical data is never at risk of being lost, stolen, or
corrupted. And as your data management needs grow, Backup Exec seamlessly scales to meet them-providing confidence and cost-savings
over the long term.
The speed of recovery is also crucial. Backup Exec provides Instant Recovery and Recovery Ready capabilities for VMware and Hyper-V
virtual machines, and Instant Cloud Recovery with seamless failover for Microsoft's Azure Cloud in case of disaster. Support is also available
for other generic S3 compatible cloud storage solutions like AWS and Google.
TESTING/MONITORING PRODUCT OF THE YEAR
WINNER: Netreo - Netreo
RUNNER-UP: Endace - EndaceProbe Analytics Platform
Netreo's full-stack IT Infrastructure Management (ITIM) solution features AIOps and high-performance Network Performance Monitoring and
Diagnostics (NPMD) to empower enterprise and IT leaders with AIOps-driven observability, actionable insights, process automation, and
accelerated issue resolution. By having real-time intelligence on all resources, devices and applications deployed in cloud, on-premises and
hybrid networks.
Netreo users have the confidence to deliver more reliable and innovative internal and external customer experiences. Netreo is one of Inc.
5000's fastest-growing companies, trusted worldwide by thousands of private and public entities managing half a billion resources per day,
and available via subscription in on-premises and cloud deployment models.
TELEPHONY PRODUCT OF THE YEAR
WINNER: CloudCall - CloudCall
RUNNER-UP: MyPhones - Altos
CloudCall helps businesses solve challenges by bringing people and technology closer together. We're an intelligent phone system, that
captures the value of conversations and stores them within your CRM system; helping you to take control of your teams, work well from
anywhere and complete more tasks, faster.
As the only communications platform that's dedicated to businesses using CRM's, we work with some of the world's leading CRM systems
across the recruitment, sales, and customer service sectors.
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards
AUGUST/SEPTEMBER 2022 NETWORKcomputing 29

AWARDS 2022
STORAGE PRODUCT OF THE YEAR
WINNER: ExaGrid - Tiered Backup Storage
RUNNER-UP: Veritas - Veritas Backup Exec
ExaGrid Tiered Backup Storage has a disk-cache Landing Zone tier for fast backup and restore performance, and a repository tier for the
lowest cost long-term retention, as well as a scale-out architecture that ensures a fixed-length backup window as data grows, eliminating
forklift upgrades and product obsolescence.
In addition, ExaGrid offers the largest scale-out system in the industry-comprised of 32 EX84 appliances that can take in up to a 2.7PB full
backup in a single system, which is 50% larger than any other solution with aggressive deduplication, and offers the only backup storage
approach with a non-network-facing tier, delayed deletes, and immutable objects to recover from ransomware attacks.
REMOTE WORKING PRODUCT OF THE YEAR
WINNER: OneUp Sales - OneUp Sales
RUNNER-UP: Mitel - Mitel Teamwork
BEST SUPPLIER TO THE DATABASE
WINNER: Prism DCS
RUNNER-UP: Sudlows
Prism DCS provides solutions for the data centre including hot aisle containment, cold aisle containment, caging and data centre cabinets.
As the UK’s market leader, Prism has the right network rack, data or server cabinet for any application with secure online ordering and next
day UK delivery. Each Prism cabinet can be pre-configured to suit your requirements and a wide range of off-the-shelf server rack
accessories are available for both Prism PI and FI Range of cabinets.
Call: 01923 698231 email: sales@prismdcs.co.uk
NETWORK MANAGEMENT PRODUCT OF THE YEAR
WINNER: Perle Systems - IOLAN SCG LWM Secure Console Server
RUNNER-UP: Progress - Progress WhatsUp Gold
The Perle IOLAN SCG LWM Console Server is a hardware solution that provides Out-of-Band (OOB) access to securely reboot ITequipment
that has crashed or been powered down during network outages. The core idea is to preserve 24/7 network uptime by
establishing secure direct access to the USB, RS232, or Ethernet console management port of critical IT assets like routers, switches,
firewalls, servers, power, storage, and telecom appliances.
Disruption and downtime are minimised by providing better visibility of the physical environment and the physical status of equipment. This
ensures business continuity through improved uptime and efficiencies.
30 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

AWARDS 2022
EDUCATION & TRAINING PROVIDER OF THE YEAR
WINNER: CNet Training
RUNNER-UP: Mindflex
THE RETURN ON INVESTMENT AWARD
WINNER: Veritas Technologies - Veritas BackupExec
RUNNER-UP: OneUp Sales - OneUp Sales
Veritas Backup Exec is the enhanced 'go-to' application to protect your data with fast and effective protection or recovery. Ransomware
Resilience is just one of a number of vital data management tools available in the unified backup and recovery solution. Information is
perpetually in a fluid state and can be held on private, public or hybrid clouds in Microsoft, Linux, UNIX or virtual workloads. Integrated with
VMware, Microsoft and Linux platforms Backup Exec can protect one to thousands of servers and virtual machines from one user console.
DISTRIBUTOR OF THE YEAR
WINNER: Brigantia
RUNNER-UP: Nuvias
Formed from a management buyout from Claranet in 2016, Brigantia saw an opportunity to create a real value-adding cybersecurity and
communications distributor that could serve channel partners across the UK & Ireland.
Brigantia offers a complementary portfolio of market-leading vendors focusing on "layers" of protection. A portfolio that meets and exceeds
every customer need, but which also offers the best managed service features, support, recurring revenue opportunities and margin for
partners. An energised and award-winning team, led by Angus Shaw and headquartered in Ripon, North Yorkshire. Brigantia prides itself on
putting customer service at the forefront of everything they do.
RESELLER OF THE YEAR
WINNER: Storm Technologies
RUNNER-UP: 101 Data Solutions
Established in June 2000, Storm has grown from strength to strength as a focused IT value-added reseller. Our business aim is to deliver
exceptional service to our customers in corporate and public sector organisations. Whether you require developing a specific technology
strategy or just looking for some knowledgeable and friendly guidance, we maintain top-tier accreditations to ensure we can bring you the
best possible expertise and pricing. The success of your projects is what drives us. Our people and operations are second to none, we listen
to you and deal with your enquiry quickly and efficiently irrespective of the size of your business.
Storm Technologies are delighted to have won Reseller of the Year 2022 for another year running! We are incredibly proud of every member
of the team at Storm, our success wouldn't be possible without them.
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards
AUGUST/SEPTEMBER 2022 NETWORKcomputing 31

AWARDS 2022
NETWORK PROJECT OF THE YEAR
WINNER: Boras Stad / Extreme Networks
RUNNER-UP: The Inspiration Trust/Zyxel Networks
In partnership with NetNordic, Extreme Networks has established one of the largest cloud-managed network infrastructures in Borås Stad,
Sweden, transforming the municipality into a smart city. The new infrastructure delivers faster and more advanced connectivity, extending
secure public Wi-Fi for its citizens, local government, schools, and services, while automating and simplifying network management for the
IT team. The transition to smart cities is designed to provide more sustainable resources to residents, while improving quality of life and
fueling business innovation.
BENCH TESTED PRODUCT OF THE YEAR
WINNER: ExaGrid - EX84 RUNNER UP: Progress - Progress WhatsUp Gold 2022
ExaGrid stands tall in the enterprise data backup and disaster recovery market as its Tiered Backup Storage family of EX appliances deliver a
unique data protection solution with a sharp focus on performance and reduced storage costs
Enterprises looking for new ways to energise their data protection strategies and reduce ongoing storage costs will find this ExaGrid and
Commvault team provides an innovative solution. ExaGrid's scale-out architecture delivers huge, cost-effective backup capacities, its smart
Landing Zone provides a boost in performance, and combining its Adaptive Deduplication with Commvault's own highly efficient data
reduction technologies offers industry-leading storage savings.
HARDWARE PRODUCT OF THE YEAR
WINNER: Vertiv - Vertiv VRC-S Edge-Ready Micro Data Center System
RUNNER-UP: Endace - EndaceProbe Analytics Platform
Vertiv VRC-S is a micro data centre solution, fully assembled at the factory and designed specifically for IT edge applications. Available in
various configurations, the Vertiv VRC-S is delivered in days and installed in hours. Choose from four different cabinet sizes with two
separate cooling methods (split and self-contained) with back-up, and the option to integrate a UPS. Plus, an intelligent switched PDU,
including monitoring of all components, and a comprehensive software package completes the offer.
SOFTWARE PRODUCT OF THE YEAR
WINNER: Rohde & Schwarz Cybersecurity - R&S®Browser in the Box
RUNNER-UP: ExaGrid - ExaGrid Cloud Tier to AWS
Developed with the German Federal Office for Information Security (BSI), the fully virtualised R&S®Browser in the Box surfing environment
offers an innovative, multi-level concept for secure and convenient Internet surfing and optimum protection against malware for public
authorities and companies.
The virtual browser closes the "Internet" security gap by enabling a digital quarantine for attacks: malware is isolated before it even comes to
execution. Instead of detecting malicious code - as with antivirus programs - execution is prevented from the outset. All potentially
dangerous activities are isolated in a closed virtual browser.
32 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

AWARDS 2022
CLOUD BASED SOLUTION OF THE YEAR
WINNER: Juniper Networks - Mist AI
RUNNER-UP: Extreme Networks - Extreme Cloud IQ
Mist AI uses a combination of artificial intelligence, machine learning, and data science techniques to optimise user experiences and simplify
operations across the wireless access, wired access, and SD-WAN domains.
Data is ingested from numerous sources, including Juniper Mist Access Points, Switches, Session Smart Routers, and Firewalls for end-to-end
insight into user experiences. These devices work in concert with Mist AI to optimise user experiences from client-to-cloud, including automated
event correlation, root cause identification, Self-Driving Network operations, network assurance, proactive anomaly detection, and more.
THE INSPIRATION AWARD
WINNER: Andy Hirst - Sudlows
RUNNER-UP: Angus Shaw - Brigantia
As Managing Director of Sudlows, Andy heads the full critical infrastructure department. Andy has served as Chairman of the ECA ICCT and
is an incorporated Engineer and Fellow of the IET. Andy promotes the upskilling of young engineers and is a mentor for the IET, and holds
the uptime institutes' ATD and the TIA942 accreditation. Andy encoureages continual learning within his team and as a testimony to this has
recently studied and attained his MSc in Data Centre Leadership and Management. Andy's drive within Sudlows has lead him to open up
offices in the Middle East and India.
THE CUSTOMER SERVICE AWARD
WINNER: Prism DCS
RUNNER-UP: Veritas Technologies
Prism DCS is an award-winning data centre solutions provider specialising in the design, manufacture and installation of bespoke solutions
including hot and cold aisle containment solutions, security caging and data centre cabinets. We utilise expert in-house design,
manufacturing and installation teams to provide a high quality service with unrivalled lead times.
Call: 01923 698231 email: sales@prismdcs.co.uk
THE INNOVATION AWARD
WINNER: Veritas Technologies - Backup Exec's Ransomware Resilience
RUNNER-UP: Paessler - New sensors for PRTG
Veritas has introduced Ransomware Resilience in its latest release of Veritas Backup Exec, the leading data management and security
solution. Ransomware Resilience prevents data files on a wide range of media servers from being modified by unauthorised processes. It
uses AI processes to monitor and actively inform administrators about data attacks. This is just one of a number of vital data management
tools available in the unified backup and recovery solution.
Backup Exec provides Instant Recovery and Recovery Ready capabilities for VMware and Hyper-V virtual machines, and Instant Cloud
Recovery with seamless failover for Microsoft's Azure Cloud in case of disaster. Support is also available for other generic S3 compatible
cloud storage solutions like AWS and Google.
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards
AUGUST/SEPTEMBER 2022 NETWORKcomputing 33

AWARDS 2022
NEW PRODUCT OF THE YEAR
WINNER: Fluke Networks - FiberLert
RUNNER-UP: Trend Networks - LanTEK IV-S
The FiberLert from Fluke Networks is an elegantly simple and eminently safe testing solution that is designed to detect active fibre signals,
allowing it to be used to troubleshoot switch and host ports, transceivers, cables and polarity. It detects active signals in single-mode and
multimode fibre with an infrared range of 850nm to 1625nm and can be used for ports and patch cords, SM, MM, UPC and APC
connections. The FiberLert takes all the guesswork out of troubleshooting fibre activity, polarity and connectivity. It's very affordable and we
found it so simple to use - right-thinking network engineers won't leave home without it.
THE ONE TO WATCH COMPANY
WINNER: Vertiv
RUNNER-UP: Exclusive Networks
With a deep history of industry-changing solutions and a well-earned reputation for innovation, Vertiv and its partners continue to raise the
bar in the areas of power, cooling, access and control, monitoring, and manageability.
Driven by customer satisfaction Vertiv supports any application with an extensive service offering including installation, startup,
commissioning, maintenance, replacements, 24x7 remote monitoring and diagnostics,and much more. Vertiv offers the expertise you
need, the reliability you demand, and the resources only a global partner can provide.
PRODUCT OF THE YEAR
WINNER: Rohde & Schwarz Cybersecurity - R&S®Browser in the Box
RUNNER-UP: ExaGrid - Tiered Backup Storage
Browser in the Box offers proactive protection against cyber attacks. Thanks to the separation of the Browser from the rest of the PC, you and
your corporate network are protected against Trojans, ransomware, APTs and zero-day attacks. Java, JavaScript, Flash and the opening of
dangerous links are no longer a threat. Developed in cooperation with the BSI, R&S®Browser in the Box provides full virtualisation and
separation of Internet and intranet, delivering optimal protection against malware including harmful email attachments, along with the
proactive blocking of all telemetry services.
COMPANY OF THE YEAR
WINNER: ExaGrid
RUNNER-UP: Zyxel Networks
"We are honoured to win the Company of the Year award" said Bill Andrews, President and CEO of ExaGrid. "Our company is solely
focused on offering the best backup storage possible - by improving the performance, scalability, and economics of backup, and offering
the best customer support in the industry. Many thanks to everyone who voted for us and to the editorial team at Network Computing, we
are truly grateful."
34 NETWORKcomputing AUGUST/DEPTEMBER 2022 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

On-Prem Cloud Success Stories
IDC Interviews with Three IT Leaders Achieving Superior Cost,
Control and Competitive Advantage
Powered by Intel ®
Learn more at
www.supermicro.com/en/on-prem-cloud