NC Nov-Dec 2023

NETWORKcomputing
I N F O R M A T I O N A N D C O M M U N I C A T I O N S – N E T W O R K E D www.networkcomputing.co.uk
TO 5G - AND BEYOND!
Mapping the future of non-terrestrial networks
THE SASE CHOICE
Is SD-WAN the right fit
for hybrid working?
MOVING MONOLITHS
Monolithic application
modernisation
DDoS DEFENCE
Spanning security gaps
at the edge
NOVEMBER/DECEMBER 2023 VOL 32 NO 04

EVENT ORGANISERS:
Do you have something coming up that may
interest readers of Network Computing?
Contact dave.bonner@btc.co.uk
6-7
MAR
TECH SHOW LONDON
ExCel, London
https://www.techshowlondon.co.uk/BTC
FORTHCOMING EVENTS
2024
FORTHCOMING EVENTS
FORTHCOMING EVENTS
28
MAR
25
APR
25
APR
9
MAY
22-23
MAY
4-6
JUN
13
JUN
19
SEP
2-3
OCT
20-21
NOV
CIO/CISO NORDICS SUMMIT
Copenhagen, Denmark
www.cdmmedia.com/events
CIO/CISO UK SUMMIT
London
www.cdmmedia.com/events
CDO UK SUMMIT
London
www.cdmmedia.com/events
CIO/CISO BENELUX SUMMIT
Amsterdam, Netherlands
www.cdmmedia.com/events
DTX MANCHESTER
Manchester Central
https://dtxevents.io/manchester/en/page/dtx-manchester
INFOSECURITY EUROPE
ExCel London
https://www.infosecurityeurope.com/
CIO/CISO DACH SUMMIT
Frankfurt, Germany
www.cdmmedia.com/events
CIO/CISO IRELAND SUMMIT
Dublin, Ireland
www.cdmmedia.com/events
UC EXPO EUROPE
ExCel, London
https://ucxevents.io/ucexpo/en/page/ucexpo-home
DATA CENTRES IRELAND
RDS, Dublin
www.datacentres-ireland.com

COMMENT
COMMENT
MANAGING THE SKILLS SHORTAGE IN 2024
Predictions for the new year are as plentiful as Amazon deliveries in December, and
give us a sense of the challenges but also opportunities that lie ahead in the coming
months. The ongoing IT skills shortage seems to sit squarely between the two; an
ongoing challenge but also an opportunity to reinvigorate and reinvest in the workforce.
For Fred Voccola, CEO at Kaseya, the answer to the talent shortage may well lie in 'growing
your own' in 2024: "Invest in people early as opposed to relying on headhunting talent
from other companies and have a very strong internal talent growth and development programme.
Not only does it offer an alternative to hiring job hoppers who will hop again
shortly after being hired to their firm, but it creates a loyalty and a mutual reliance between
the employee and the company, that creates not only a great workforce, but also a great
company culture - one of reward and meritocracy. This type of strategy focuses more on
the individual's core skills potential, rather than their experience only."
However Charles Courquin, Sales Director, Symatrix, believes that we can best bridge the
skills gap by looking outward to managed IT services. "Businesses must now look externally
to help address the IT skills shortage and stem the significant financial losses being
incurred," according to Charles. "Managed services can provide proactive support to
organisations to understand their changing requirements and help drive value from their
investments, helping to fill the gaps that persist in-house."
REVIEWS:
Dave Mitchell
DEPUTY EDITOR: Mark Lyward
(netcomputing@btc.co.uk)
PRODUCTION: Abby Penn
(abby.penn@btc.co.uk)
DESIGN: Ian Collis
(ian.collis@btc.co.uk
SALES:
David Bonner
(david.bonner@btc.co.uk)
Julie Cornish
(julie.cornish@btc.co.uk)
SUBSCRIPTIONS: Christina Willis
(christina.willis@btc.co.uk)
PUBLISHER: John Jageurs
(john.jageurs@btc.co.uk)
Published by Barrow & Thompkins
Connexion Ltd (BTC)
35 Station Square,
Petts Wood, Kent, BR5 1LZ
Tel: +44 (0)1689 616 000
Fax: +44 (0)1689 82 66 22
SUBSCRIPTIONS:
UK £35/year, £60/two years,
£80/three years;
Europe:
£48/year, £85/two years £127/three years;
ROW:
£62/year, £115/two years, £168/three years;
Subscribers get SPECIAL OFFERS — see subscriptions
advertisement; Single copies of
Network Computing can be bought for £8;
(including postage & packing).
© 2023 Barrow & Thompkins
Connexion Ltd.
All rights reserved.
No part of the magazine may be
reproduced without prior consent, in
writing, from the publisher.
This is in response to a new survey conducted by Symatrix which polled 200 IT decisionmakers
working for large businesses. Nearly a quarter of those surveyed (22%) estimated
that IT skills shortages are costing their business more than £100,000 a year in recruitment
fees, temporary staffing, increased salaries and investment in lower-level employees to
bring them up to speed over time. As the skills shortage worsens, over three-quarters of
respondents polled (77%) said their organisation’s IT recruitment costs have increased over
the past three years, and nearly half (45%) say costs have risen by more than 10%.
Mark Appleton, Chief Customer Officer at ALSO Cloud UK, also believes that managed
service providers are well positioned to help companies navigate the talent shortage.
"Utilising this existing relationship for access to talent allows small to large businesses to
explore new avenues and revenue streams without risking their own operations," he commented.
"Additionally, trusting in the expertise of service providers who have retained and
fought for the right skills and quality of talent means that partnered companies can avoid
falling behind, gaining all of the benefits without fighting the battle against other competitors."
Whether the answer lies within or without, resolving the talent crisis should be high on
our list of new year's networking resolutions. NC
GET FUTURE COPIES FREE
BY REGISTERING ONLINE AT
WWW.NETWORKCOMPUTING.CO.UK/REGISTER
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2023 NETWORKcomputing 03

CONTENTS
CONTENTS
N O V E M B E R / D E C E M B E R 2 0 2 3
GREENER DATA CENTRES.....20
Michael McNerney at Supermicro outlines
the different methods data centre operators
can take to reduce their power consumption
SASE OR SD-WAN?...............12
Jonathan Wright at Global Cloud Xchange
explains how SASE could supplant SD-WAN
as the best infrastructure solution for our
new hybrid working reality
COMMENT.....................................3
Managing the skills shortage in 2024
INDUSTRY NEWS.............................6
The latest networking news
ARTICLES
ENSURING STORAGE SUCCESS FOR
THE NETWORK...............................10
By Tony Hollingsbee at Kingston Technology
MOVING MONOLITHS...................11
By Jon McElwee at iomart
NIS 2 COMPLIANCE........................16
By Steven Kenny at Axis Communications
IOT AND THE FUTURE OF
NETWORKING................................18
By Alan Hayward at SEH Technology
BOOSTING YOUR CLOUD
DEFENCE........................................30
By Anthony Webb at A10 Networks
THE MAGNIFICENT 7?....................31
By Kalam Meah at TP-Link
SPANNING SECURITY GAPS AT
THE EDGE..................................26
Roman Lara at NETSCOUT guides us through
the threat facing organisations that fail to
adapt ther DDoS protection at the edge
GLOBAL TRANSFORMATION
AND ASSET MANAGEMENT......24
Rentokil Initial enhances security compliance,
tracking and reporting across 25,000+ IT
assests worldwide with Lansweeper
TO 5G - AND BEYOND!......28
Keysight Technologies' Dylan McGrath gives
us an insight into the future of nonterrestrial
networks (NTNs) and the era of
democratised connectivity
ENGAGING AI FOR ENTERPRISE
SERVICE MANAGEMENT.................32
By Cullen Childress at SolarWinds
NECESSARY PROVISIONS................34
By Justin Day at Cloud Gateway
CASE STUDY
"MADE IN GERMANY" QUALITY,
TWO TIMES OVER........................14
macmon partner NetPlans has secured
leveling technology specialist ARKU against
malware attacks with macmon NAC
COMPANY PROFILE
NETALLY...........................................8
For decades, Netally's family of network test
solutions have helped to deploy, manage,
maintain and secure our networks
REVIEWS
NETALLY AIRCHECK G3 PRO.............9
MACMON NAC..............................15
HORNETSECURITY SECURITY
AWARENESS SERVICE......................19
ENDACEPROBE CLOUD..................23
04 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

INDUSTRY NEWS
NEWSNEWS
NEWS NEWS
NEWS NEWS NEWS NEWS
NEWS NEWS
Organisations set to increase Wi-Fi adoption in 2024
Wi-Fi 6, 6E and 7 top the list of wireless technologies that
network operators, ISPs, device and chipset vendors,
enterprises and other companies plan to deploy by the end of
2024 - ahead of CBRS, DAS and private 4G/5G. Furthermore,
confidence in investment across the sector is rising with 58%
saying they are more confident in investing in Wi-Fi compared to
a year ago even though the business model remains the most
pressing challenge for new deployments. 6GHz spectrum
availability also remains front of mind with two thirds deeming it
an important issue for 2024.
Those are two of the keys finding from the latest cross-industry
report by the Wireless Broadband Alliance, the global industry
body dedicated to improving Wi-Fi standards and services. Based
on input from 200 enterprises, governments, fixed and mobile
operators, vendors and other organisations worldwide, th WBA
Annual Industry Report 202 showcases how Wi-Fi technology
continues to evolve in ways that anticipate the needs of
consumers, businesses, enterprise verticals, smart cities and
service providers.
Tiago Rodrigues, CEO of the Wireless Broadband Alliance,
said: "The WBA Annual Industry Report 2024 is a must-read for
anyone wanting to know exactly where Wi-Fi is and where it s
headed. Market momentum is a theme in many of the key
findings. For example, 58% are more confident in investing in Wi-
Fi now than a year ago - up from 46% last year. Specifically,
survey respondents are stepping up investment in WBA
OpenRoaming, Wi-Fi 7 and city-wide public Wi-Fi. As WBA
celebrates its 20th anniversary, we look forward to the next 20
years of pioneering even more Wi-Fi technologies and use cases
and developing a robust trails programme for W-Fi 7 to take
innovation into 2024 and beyond." The WBA Annual Industry
Report 2024 is available now for free at:
https://wballiance.com/resource/annual-industry-report-2024/
Advanced graymail protection from Egress
Egress has launched its new graymail solution with full enduser
control, dedicated to improving employee productivity
and reducing the time administrators spend reviewing
incorrectly reported phishing emails. The graymail feature is
architected into Egress' inbound threat detection product,
Egress Defend, and integrates seamlessly into customers'
Microsoft 365 enivronments. Graymail is bulk solicited emails
which are generally low priority and not malicious phishing
attacks or unsolicited spam.
To tackle this drain on organisational resources, Egress has
developed an advanced graymail detection capability to remove
these unnecessary distractions, tailored to each individual's
preference. The technology leverages Egress' patented AI-based
phishing detection functionality, which uses zero trust models and
neural networks to prevent behavioral-based threats. Applying
this methodology, Egress surfaces priority messages within the
inbox, while segmenting graymail into a separate folder.
The graymail feature is easily customised by both individual
users and administrators. An interactive banner is added to each
message that is routed to the graymail folder, which provides a
simple workflow for employees to re-categorise emails and divert
them back into their mailbox. Users' preferences are
automatically learned by Defend, allowing them to customise
their own experience without any management overhead.
94% of U.K. CIOs see cybersecurity as a major threat
Astaggering 94% of U.K.-based CIOs have expressed serious
concerns about at least one cybersecurity threat, according to
new research from Opengear. The comprehensive survey
encompassed responses from 502 CIOs and 510 network
engineers in the U.S., U.K., France, Germany, and Australia. For U.K.
CIOs the primary cybersecurity concerns highlighted in the research
included malware (36%), spam and phishing (36%), ransomware
(36%), and insider threats (27%). Malware also emerged as a
significant threat for 37% of the surveyed U.K. network engineers.
While only 15% of U.K. CIOs reported social engineering attacks
as a threat, 23% of network engineers reported a higher level of
concern for this specific type of attack. U.K. engineers said that
insufficient investments are enhancing the risk of cyberattacks and/or
downtime (38%). This suggests that lack of budget spent on software
upgrades and network upgrades, for example, leaves organisations
more vulnerable to attack and has the potential to affect business
continuity, which is a high priority for 88% of CIOs globally.
06 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

INDUSTRY NEWS
"The skills shortage and insufficient investment in networks are two
factors that have combined to encourage cybercriminals to breach
businesses," said Gary Marks, President at Opengear. "Smart Out
of Band solutions enable organisations to manage their networks
at all times from local and remote sites, even during an outage.
Network engineers can make smarter, real-time decisions to
achieve consistent network resilience and unparalleled visibility, with
security and encryption features ensuring that management policies
remain continually enforced."
Vertiv collaborates with Intel on Gaudii3 liquide cooling
Vertiv is collaborating with Intel to provide a liquid cooling
solution that will support the revolutionary new Intel Gaudi3
AI accelerator, scheduled to launch in 2024. The Intel Gaudi3 AI
accelerator will enable both liquid-cooled and air-cooled servers,
supported by Vertiv pumped two-phase (P2P) cooling
infrastructure. The liquid-cooled solution has been tested up to
160kW accelerator power using facility water from 17°C up to
45°C (62.6°F to 113°F). The air-cooled solution has been tested
up to 40kW of heat load that can be deployed in warm ambient
air data centre up to 35°C (95°F). This medium pressure direct
P2P refrigerant-based cooling solution will help customers
implement heat reuse, warm water cooling, free air cooling and
reductions in power usage effectiveness (PUE), water usage
effectiveness (WUE) and total cost of ownership (TCO).
Zyxel call on schools to reconsider network their options
Zyxel Networks is urging the UK's schools and colleges that are
looking to upgrade their network infrastructure before their
end of the year and over the holiday period to broaden their
horizons and consider all the options and possibilities before they
make their crucial purchasing decisions. Budget pressure on
schools is growing. In September, the National Foundation for
Educational Research (NFER) warned that schools are having to
make substantial cuts due to extra financial pressures. Despite the
overall budget for schools increasing by £3.5 billion for 2023-
24, almost half (49 percent) of primaries, and 41 percent of
secondaries expect to see a deficit for 2022-23.
A recent study of UK trusts found that almost one fifth (19
percent) of chief executives lack confidence about their
financial sustainability in the future - a huge increase on last
year, when only 4 percent said they were not confident about
long-term finances. Fewer than half of respondents to the
National School Trust Survey, organised by the Confederation
of School Trusts (CST), said they felt very or quite confident in
their financial sustainability.
Rachel Rothwell, Senior Regional Director, UK and Ireland at
Zyxel Networks, said that as a result of all this pressure, schools
looking to upgrade their infrastructure need to give even more
consideration to IT investment decisions. "Schools and trusts were
already under massive pressure to make cutbacks and this year's
RAAC debacle has added to that. At the same time, they are
expected to provide the latest technology and ensure the online
safety of pupils. They are having to think long and hard about
how they can reduce costs without having an impact on teaching
and they now have very little room for manoeuvre.
"One area in which they can still make real savings without
compromising is in their choice of networking technologies. While
the official advice might be to purchase products from some of the
more expensive brand names, solutions from Zyxel and other
manufacturers can do just as good a job for much less investment."
Call for input for ScotlandIS state of the nation report
ScotlandIS, the membership and cluster management
organisation for Scotland's digital technologies industry, has
just launched its 16th annual industry survey with a call for
respondents from across the country. The survey provides an
annual health check for the industry, setting a benchmark for the
comparison of sector successes and challenges from year to year.
It also provides ScotlandIS members and non-members the
opportunity to highlight future issues they foresee affecting the
industry. Key findings from the 2023 survey included:
83% of companies surveyed expected to increase their
headcounts between 2023-24
The proportion of businesses recording turnover higher than £1
million increased from 22% in 2022 to 37% in 2023
Scotland's tech companies reported seeing the greatest
opportunities for their business in cyber security (46%), followed
by data analytics (45%), and artificial intelligence (43%).
Having first launched in 2008, the report was originally designed
to fill a gap as there were limited figures available relating to the
overall health, growth and development of the Scottish tech
industry. Since then, both the report and the sector have grown
significantly, with the 2023 version putting the value of the Scottish
digital sector's economic contribution at £6 billion.
Responses to the 2024 Technology Industry Survey are now
being sought from the Scottish tech sector before 25 January at
the link below. The feedback from the survey will then be used to
produce the annual benchmarking report for the Scottish tech
sector, which is due to be published in March 2024.
https://www.surveymonkey.com/r/ScottishTechSurvey2023
NEWS NEWSNEWS
NEWS
NEWS NEWS NEWS NEWS NEWS
NEWS
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2023 NETWORKcomputing 07

COMPANY PROFILE
COMPANY PROFILE: NETALLY
FOR DECADES, NETALLY'S FAMILY OF INNOVATIVE NETWORK
TEST SOLUTIONS HAVE BEEN HELPING ENGINEERS AND
TECHNICIANS BETTER DEPLOY, MANAGE, MAINTAIN, AND
SECURE TODAY'S COMPLEX WIRED AND WIRELESS NETWORKS
For more than 25 years, we have been the
#1 ally of network and security
professionals worldwide. We began by
making the world's first handheld network
analyzer - the LANMeter® - and have
continued as industry pacesetters ever since,
first as a business unit of Fluke Networks Inc.
then part of NETSCOUT Systems, Inc. Now, as
an independent company, NetAlly continues to
set the standard for portable network testing
and assessment. Our best-in-class tools deliver
the visibility needed to get the job done, fast.
WHAT WE DO
Our leading-edge tools work hard to get the
job done fast by:
Simplifying the complexities of network
testing
Providing instant visibility for efficient
problem solving and cyber security
assessments
Enabling seamless collaboration between
site personnel and remote experts
WHO WE SERVE
Your organisation relies on you to keep their
networks running and secure. And just like you,
we are reliable, practical, no-nonsense experts.
We are your behind-the-scenes partners. From
the smallest companies to the Fortune 100 and
across a range of industries, network
professionals around the world rely on our
tools to plan, deploy, validate, secure, and
troubleshoot wired and wireless access
networks and the devices that connect to them.
Whether you are a network or security
operations manager, engineer, technician or
admin, or a field service installer/system
integrator, you can rely on our tools to give you
the visibility you need to get your job done, fast.
NetAlly is proud to be represented by a
worldwide network of respected distributors
and resellers. If you would like to be a part of
our channel network, contact us at
sales@netally.com.
KEY PRODUCTS
CyberScope Handheld Cyber Security
Analyzer
The world's first handheld cyber security tool for
comprehensive site access layer cyber security
risk assessment. CyberScope offers
comprehensive cyber security risk assessment,
analysis and reporting for the site access layer
in a single, powerful, portable tool - including
endpoint and network discovery, wireless
security, vulnerability assessment (Nmap), and
segmentation and provisioning validation.
EtherScope® Portable Network Expert
Taking on the complexity of ever-changing
access networks, EtherScope nXG is a powerful
network analyzer & Wi-Fi 6 diagnostics tool
that helps engineers and technicians to quickly
deploy, maintain, monitor, and analyze Wi-Fi,
Bluetooth/BLE and Ethernet access networks.
Speed up your workflows and improve end
user experience with the industry's first complete
handheld analyzer for Ethernet network
troubleshooting and analysis, Wi-Fi 6/6E
surveying, and security audits.
AirCheck G3 Pro Wi-Fi 6 Wireless Analyzer
A cost-effective hardware-enabled wireless
analysis and site survey solution for Wi-Fi 6/6E
and Bluetooth/BLE networks. Its intuitive user
interface provides actionable intelligence,
simplifying and speeding up wireless security
audits, network deployment, troubleshooting,
and validation. With powerful tools suited for
wireless engineers, but ease of use for
technicians and remote "smart hands",
AirCheck G3 Pro makes your entire team
more productive.
LinkRunner® AT Network AutoTester
The LinkRunner AT Network AutoTester offers
user-configured AutoTests for a wide range of
important tasks for frontline technicians. This
network tester's quick cable test and switch
identification facilitate fast problem isolation.
Test results can be automatically uploaded to
the Link-Live results management cloud
service to improve collaboration between
network engineers and technicians, creating
greater job visibility, project control, and fleet
management. NC
08 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

PRODUCT REVIEW
NetAlly AirCheck
G3 Pro
PRODUCT REVIEW
PRODUCT
REVIEWPRODUCT RE
NetAlly has a fine reputation for
delivering desirable portable network
testing and diagnostics solutions and its
AirCheck G3 Pro will appeal hugely to
technicians and engineers maintaining wireless
networks. This ruggedised handheld device
takes many of the features from the secondgeneration
AirCheck G2 model and makes
them even better.
Its native Wi-Fi 6/6E radio brings visibility into
the 6GHz band where it can connect at its full
data rate and capture frames, and it provides
more information including short-term
monitoring facilities with real-time wireless
measurements and trend graphs showing
network changes over time.
Bluetooth/BLE device support has been added
and it enhances the standard site surveying,
analysis and troubleshooting tools with network
discovery, path analysis and integration with
NetAlly's Link-Live cloud portal for topology
mapping and remote control. The G3 Pro can
diagnose all day as battery life has been more
than doubled to 10 hours of continuous use
and charging speed boosted, so it'll reach full
capacity in no more than 3 hours
NetAlly chose to do away with the Ethernet test
port on the G2 for a number of sound reasons.
Its removal is the main reason battery life has
been extended and it allows NetAlly to offer a
more cost-effective solution to technicians
focused on wireless networks.
The G3 Pro also runs the same Androidbased
OS found in NetAlly's latest EtherScope
products. This will appeal to novices as well as
technicians and engineers - if they can use a
mobile, they can use the G3 Pro.
The 5in. colour touchscreen presents a
selection of icons for all tasks and you can
install other third-party Android apps. The
screen's FAB (floating access button) opens
floating action menus offering instant access to
further analysis tools related to the selected
task.
The G3 Pro is easy to use and we tapped on
its AutoTest icon to analyse the lab's Wi-Fi 6/6E
networks. This uses profiles with a default one
for fast air quality analysis, and you can add
Wi-Fi profiles with predefined tests covering
areas such as SSIDs, channels, AP details and
target connectivity.
After connecting the G3 Pro to our Netgear
WAX630E tri-band AP over its 6GHz radio, we
created a new Wi-Fi profile. We started it with
one tap and could set the G3 Pro to run its
AutoTests regularly as often as every minute.
The test only took 20 seconds and presented
a wealth of wireless information as 'cards' with
each one colour coded to indicate warnings or
errors. The SSID card revealed graphs and
tables for signal quality, channel utilisation plus
retries while a rolling PHY graph confirmed
speedy close-range transmission rates of
around 2Gbits/sec.
The Wi-Fi test shows discovered internal and
external wireless networks with the Channels
map screen offering an extra Map 6E tab. One
tap brings up masses of detail on all channels,
their active SSIDs and associated APs,
encryption schemes, all connected clients and
detected Bluetooth/BLE devices.
The AirMapper app runs Wi-Fi site surveys
and creates signal heatmaps which can be
uploaded to the Link-Live portal for further
analysis and sharing with colleagues. The base
kit includes a soft case, charger and one-year
AllyCare support, the Kit option adds an
external directional antenna and NXT-1000
USB spectrum analyser for even deeper insights
into wireless networks, while the TA kit includes
NetAlly's Test Accessory Pocket iPerf Server for
iPerf performance testing.
The AirCheck G3 Pro takes wireless network
analysis to the next level as it teams up support
for Wi-Fi 6/6E networks with a superb range of
diagnostics and site survey features. It's
extremely easy to use, integrates seamlessly with
NetAlly's Link-Live cloud portal and is very
affordable. NC
Product: AirCheck G3 Pro
Supplier: NetAlly
Web site: www.netally.com
Telephone: +44 (0)115 865 5676
Price: From £2,999 exc VAT
WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER 2023 09
NETWORKcomputing
@NCMagAndAwards

OPINION: STORAGE
ENSURING STORAGE SUCCESS FOR THE NETWORK
TONY HOLLINGSBEE, SSD BUSINESS MANAGER, EMEA AT
KINGSTON TECHNOLOGY, LOOKS AT THE VITAL ROLE OF
STORAGE IN MAINTAINING NETWORK PERFORMANCE
and hardware encryption means that data is
secure at every stage of the transfer process.
5. These drives are tested on server platforms
with third-party and OEM RAID controllers to
guarantee their compatibility with hardware.
For organisations to maximise full value
from their data today they need to deploy
a range of technologies that give them
rapid access, reliable performance, control
and visibility. At the very core of this is storage.
With the volumes of data that are being
created, storage solutions have become an
essential foundation in the technology stack
and deserving of a needs-oriented strategic
approach during specification.
Network and infrastructure managers
understand that by upgrading data storage,
they are not only improving efficiency now, but
reducing costs and ensuring data utilisation for
the future. The deeper into digital
transformation that their companies move, the
more demand there will be to process high
quantities of data at low latency, delivering
optimum application performance and
enhanced user experiences.
Modernising data storage makes sense. The
continued use of legacy technologies can lead
to a loss of performance and reliability,
however, at a time when budgets are stretched
many organisations are looking for the best
ways to stagger their storage upgrades.
SWAPPING OUT DRIVES
One approach is to remove mechanical HDDs
and replace them with SATA SSDs, which are
now at their most competitive price. The instant
effect will be improved performance with rapid
system booting and application loading times.
If budgets allow a transition to the latest
generation of SSDs (PCIe NVMe) will
guarantee even better performance.
When planning for change, many
organisations are deploying a combination of
HDDs and SSDs configured within their
infrastructure to manage different workloads or
based on the type and size of the data being
stored. Frequently accessed files and data
could be stored on SSDs while archived files
are kept on HDDs.
By taking this staggered approach to
updating storage capacity, organisations are
benefiting from an improved Total Cost of
Ownership and reaping environmental benefits
without compromising on the network
performance that modern SSDs can deliver.
THE TOP ADVANTAGES OF
ENTERPRISE-LEVEL SSDS
There is a huge difference between SSDs
designed for use by enterprises, and those
for consumers:
1. Enterprise SSDs are able to manage a
higher volume of read/write operations over
their lifespans. They are designed to
withstand enterprise environments with
demanding workloads and constant data
access requirements.
2. The components in enterprise SSDs are
robustly built and can operate 24/7/365. They
incorporate power loss protection and data
path protection to prevent data loss.
3. High performance is derived from IOPs
consistency and predictable low latency
while servicing an intensive read/write
workload. As a result, they handle more I/O
operations per second, making them
appropriate for applications requiring
high-speed data access.
4. End-to-end data protection
For organisations who have already moved
away from HDDs, the next step is to switch
from SATA- based SSDs to NVMe-based
SSDs which are better suited for missioncritical
applications. The price of these
models have also come down, making them
highly cost-effective.
CONCLUSION
Storage decisions must be based on the
workloads and data access demands that the
organisation is managing. These might change
in time, so network managers will have to
consider balancing future needs against
current cost constraints. Consideration should
also be given to how upgrading or replacing
storage assets can help the company to meet
its broader goals and expand. Storage must be
seen as an integral part of the broader digital
transformation strategy if it is to be a success in
the future. NC
10 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION: CLOUD TECHNOLOGY
MOVING MONOLITHS
JON MCELWEE, CLOUD SPECIALIST AT IOMART, OFFERS A GUIDE TO TAKING THE COMPLEXITY OUT
OF MONOLITHIC APPLICATION MODERNISATION
Cloud technology has evolved at pace
over the last decade. From its origins in
the early 2000's when AWS created
one of the first public clouds, to today where
almost nine in 10 (89%) business are using the
cloud in some way. During that evolution,
cloud's capabilities have hugely expanded,
opening businesses up to new ways of
capturing data and using it to their
organisation's advantages, integrating
technologies such as machine learning and AI.
For many companies, however, the ability to
access these technologies and advantages is
being hindered by legacy systems - in
particular, monolithic technology stacks that
hinder agility and innovation.
MODERNISING MONOLITHIC
ARCHITECTURE
The shift from isolated working methods to a
microservices environment provides
organisations with a range of benefits, but the
transition itself can be daunting. Large
businesses with decades old technology stacks
may feel overwhelmed at the thought of
transitioning to microservices, and the time
investment required to do so. But with the
correct planning and support, it doesn't have
to be an arduous task. So, how can businesses
make the shift?
The first necessary step is to break down an
organisation's existing monoliths into
manageable components. This modular
transition reduces the risk of disruption to
essential services while allowing the gradual
adoption of microservices.
To achieve smoother transitions and align
changes with business objectives, development
and operations teams need to collaborate
effectively. This is what DevOps principles
enable. However, moving to microservices also
involves a thorough evaluation of the existing
technology assets, to determine what needs to
be migrated and what can be
decommissioned, as well as a realistic
assessment of the organisation's capabilities,
for a successful migration.
Data migration, security and compliance are
essential aspects of this. Legacy systems may
contain years of valuable data, so ensuring its
smooth migration while preserving data quality
is crucial.
DEALING WITH OLD DATA
It's tempting for businesses that are
considering modernising their monolithic
architecture, to do so once they're in the
cloud. As a result, they'll conduct the lift and
shift and then start on the optimisation
process. This can work for many businesses -
particularly larger ones with a considerable
number of workloads - but for most it's a costly
process which involves paying for unnecessary
storage. As such, one of the most important
aspects of modernisation is conducting the
due diligence before the lift and shift, to
understand what legacy data needs to be
migrated and, crucially, what doesn't.
In these cases, conducting Microsoft's Cloud
Adoption Framework (CAF) before the lift and
shift can be very beneficial. This is where
businesses create a cloud blueprint before
making the transition, to figure out whether
certain workloads need refactoring,
rearchitecting, resizing or rehosting. This
ensures any transition to the cloud is done in
the most optimised way.
It's also possible to adopt a hybrid approach,
which combines both a CAF as well as the lift
and shift. This allows IT teams to break down
applications in a manageable way, while still
enjoying the benefits that having data stored in
the cloud can offer. Microservices architecture
is not a universal solution. Businesses with a
strong need for agility, scalability, and rapid
innovation will gain the most from it.
FINAL THOUGHTS
Businesses undergoing digital transformation
by modernising monolithic architecture are on
the right path towards leveraging the true
benefits of cloud technology, but the process of
getting there doesn't need to be complex.
Working alongside trusted consultants who
understand and have experience of the unique
challenges posed by legacy systems, ensures
any transition to a microservices environment is
effective and efficient - both from a time and
cost perspective.
The cloud technology we have available to us
today has never been better. It's time for
businesses to benefit from that. NC
WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER 2023 11
NETWORKcomputing
@NCMagAndAwards

OPINION: SASE
IS SD-WAN THE RIGHT FIT FOR A HYBRID WORKPLACE?
JONATHAN WRIGHT,
DIRECTOR OF PRODUCTS
AND OPERATIONS AT GLOBAL
CLOUD XCHANGE (GCX),
EXPLAINS HOW SASE COULD
SUPPLANT SD-WAN AS THE
BEST INFRASTRUCTURE
SOLUTION FOR OUR NEW
HYBRID WORKING REALITY
We have seen increased adoption of
SD-WAN technologies over the last
few years as a means of
strengthening connectivity, reducing costs,
and gaining greater control and visibility of
networks. In fact, one recent study
highlighted how 95 percent of enterprises
have either already deployed SD-WAN or will
do so over the next 18 months.
But SD-WAN was designed for pre-
COVID working conditions that were mostly
office-based whereas, post-COVID, hybrid
working has become the norm. What most
IT directors don't realise is that the benefits
of SD-WAN in a fixed workplace -
increased network visibility, flexibility and
security enforcement - don't translate for
remote working.
Given the levels of investment that have
already been made in SD-WAN, many
organisations are looking into SASE (Secure
Access Service Edge) frameworks to add to
their existing deployments - although some
are still making a full transition.
12 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION: SASE
THE DRIVERS FOR SD-WAN
With the growing migration of applications
to the cloud, we have seen increased levels
of SD-WAN adoption. SD-WAN deals with
centralisation and automation, as it
effectively optimises application traffic and
supports reliable access to applications in
the cloud. SD-WAN also reduces vendor
lock-in, as organisations can mix and
match software and hardware from different
providers with centralised control at the
software level. Which, in turn, enabled
companies to do more in the cloud.
But instead of being built around users,
SD-WAN architecture is tailored around
how a particular facility or site accesses
applications and services located on the
corporate network, in the cloud, or in a
data centre. When designed, most users
were expected to work on-site with traffic
routed through a dedicated WAN or LAN
port. Remote working was generally
supported by a handful of gateways across
the world with associated VPNs. The
experience was slower and less flexible than
in the office, but at that time remote
working wasn't as widespread and,
importantly, this approach still supported a
secure connection to their office.
LOSING SIGHT OF THE SECURITY
RISKS
Hybrid working models are now the norm,
and the experience of working in the office
must be replicated whether users are at
home or on the move. This means giving
users the flexibility and freedom to work
securely on any device, in any location.
This model requires scalable networks and
security policies - not just to support a
working anywhere culture, but so corporate
policy and configurations can be applied
for remote workers as they are on-premise.
This is important because any data sent
from a remote device could be unprotected
while in transit to the cloud, which
effectively turns SD-WAN into a security risk
in a hybrid work environment.
Visibility also presents an issue. For an
office, the analytics and reporting process
are simple because all traffic flows through
a single network device. However, with
remote working, people use their own
broadband, and sometimes their own
device, leading to a loss in visibility.
The outdated, decentralised model means
it's impossible to collect data for every
packet centrally and report on statistics such
as bandwidth consumption, security
compliance, or traffic flows to applications
in the cloud. This lack of visibility presents
significant security concerns as without the
ability to track which resources users are
accessing, organisations are increasing the
shadow IT landscape and unnecessarily
inviting new risks to their networks.
SPEED AND EASE OF PERFORMANCE
Over the years there has been significant
investment in SD-WAN, which is perhaps
why most companies seem reluctant to
move away from the technology
completely. Instead, they want to find a
way to make the existing infrastructure
work for hybrid working. And as a result, I
predict that in just five years we'll see SD-
WAN used as an access technology with
most of its current functionalities shifting to
a SASE overlay framework.
The potential performance and security
benefits are huge. With data routing
through a centralised SASE framework,
users can become truly device and
location-agnostic without compromising the
security and compliance of the data for the
packet's entire journey. With some providers
offering hundreds of SASE gateways across
the world, it also supports more localised
access to reduce latency. And, it even
improves the connection between public
and private network services, as the
centralised design negates the need for the
installation of a transitory SD-WAN hub.
SASE also enables network
administrators to monitor and analyse
traffic flows and application performance
in real-time, at a regional, brand or even
user level. Simplifying data visibility with
one centralised framework enables
administrators to reduce the number of
tools they need to monitor performance;
they can now view network performance
and how it connects with specific
applications, as well as whether the data
is secured and compliant on one single
platform. This improves the speed at
which issues can be discovered, assessed,
and resolved.
And of course, that's without considering
the quality and cost. Undoubtedly, the
ability to deliver high-quality networking
over cheaper internet circuits was a key
driver for SD-WAN adoption. Yet, it still
required relatively expensive licenses and
hardware. So even with though the total
cost of ownership (TCO) came down, the
reliance on specialist hardware and
licence fees persists.
Many Internet telco circuits have fallen
considerably in price, and sometimes now
offer a more affordable solution overall with
better performance than SD-WAN on a
cheaper circuit. But with SASE there are
more cost optimisation opportunities as it
only needs a secure connection to a device
which supports SSL or IPsec.
PERFORMANCE AND PEACE OF
MIND
Whether using a public, private or hybrid
network, and no matter what the location
or device, SASE augments the visibility and
security of data as it moves across their
global network. This not only improves
performance, but it critically offers
organisations true peace of mind. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2023 NETWORKcomputing 13

CASE STUDY
"MADE IN GERMANY" QUALITY, TWO TIMES OVER
MACMON PARTNER NETPLANS HAS SECURED LEVELLING TECHNOLOGY SPECIALIST ARKU AGAINST
MALWARE ATTACKS WITH MACMON NAC
Founded in 1928, the family-owned
company ARKU Maschinenbau GmbH
has become the world market leader in
levelling technology, with over 50 years of
experience to call on. ARKU offers the
largest selection of high-performance and
high-precision leveling machines as well as
deburring and rounding machines.
In the last few years ARKU has faced an
increasing number of malware attacks.
However, by working closely with the
Freiburg branch of the IT systems house
NetPlans, it has introduced extensive
measures to defend itself. It its search for
reliable and scalable network protection, it
quickly became clear that macmon NAC
was the right option.
NetPlans is a Platinum macmon partner with
certified and continuously trained macmon
experts who have provided first-class support
for their customers - especially from the SME
sector - with the implementation of a huge
number of projects.
RADIUS AUTHENTICATION PROVIDES
EVEN MORE SECURITY
To authenticate endpoints, ARKU uses
macmon's integrated RADIUS server to make
the decisions on granting access. As the ID or
means of authentication, a number of
different properties can generally be used,
such as the MAC address, user
name/password or certificate. Since the
network is not accessed by the system until
the RADIUS server has confirmed it, there are
no unused or insecure ports, which increases
security significantly. While granting access,
the IT team can define and specify additional
rules for the switch to implement. If the switch
is technically capable of doing so (layer 3), a
specific VLAN, defined ACLs or almost any
other attributes can be assigned in this way.
An access control list (ACL) limits access to
data and functions. The ACL determines the
extent to which individual users and system
processes have access to certain objects such
as services, files or registry entries. "We use a
variety of security solutions in our company,"
said Felix Pflüger, IT & Digitisation Team
Leader at ARKU. "Thanks to macmon NAC,
we always have oversight over our extensive
IT infrastructure. Our switches are
administered via SNMP and
RADIUS, meaning macmon sets
the appropriate VLAN on the
switch port, or the port is
blocked if there are unknown
devices. That prevents
unauthorised devices from
gaining access via network
outlets, for example."
VISITOR MANAGEMENT
MADE EASY
Frequent visits by customers
and suppliers present
companies with the challenge of preventing
these users' end devices from accessing the
company's internal network. The functions of
the "Guest Service" module provide an
intelligent and flexible management system
for any external device with a granular guest
ticket system for controlling temporary LAN
and WLAN access.
Since the number of external visitors was
manageable during the Coronavirus period,
the IT department was responsible for deciding
whether or not visitors were granted access. In
the future, however, this task will be delegated
to authorised employees with the macmon
guest portal. Without having to deal with the
macmon NAC administration, they can
generate access data directly in the portal or
confirm visitors who have registered themselves.
The resources shared and the duration of
access can be defined while creating the access
data, ensuring each visitor can access only the
specific resources approved for them. For
instance, a service technician who has to
maintain machine equipment has different
access rights than a customer who is visiting the
company for a meeting.
CONCLUSION
"Using macmon NAC and the macmon guest
portal has allowed us to significantly improve
our network security and endpoint
management," said Felix Pflüger. "In our region,
the macmon Platinum partner NetPlans is our
expert implementation and support partner for
issues related to IT infrastructure and security,
which have been improved over the years and
maintained at the highest standard. Only by
continuously optimising existing solutions can
intelligent attacks be successfully repelled in the
long term. The rollout of macmon NAC in the
US was a success; further projects are in the
pipeline." NC
14 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

PRODUCT REVIEW
macmon NAC
PRODUCT REVIEW
PRODUCT
REVIEWPRODUCT RE
Despite the undeniable security benefits
many businesses find implementing a
network access control solution
challenging, as all too many are complex
and time consuming to install and difficult to
manage. The German company macmon
secure GmbH stands out from the crowd as
its NAC product is designed to be simple to
deploy and maintain while its smart agentless
architecture means it can be protecting your
network from day one. It doesn't require
agents or sensors as it queries all your
manageable switches and uses methods such
as SNMP, REST or Telnet/SSH to find out
which network devices and connected
endpoints are in the network.
The macmon NAC appliance also offers its
own embedded RADIUS server for
authentication to fully support the industry
standard 802.1X while making it much simpler
to adopt. The above mentioned protocols are
also being used to enforce NAC controls,
which is why it is not only compatible with
informational technology but can also secure
operational technology (OT) networks with all
their legacy systems.
This simple approach has major benefits
in the battle to control what macmon
classifies as UFOs (unidentified frightening
objects). These could be an intruder, an
employee's access point being used to build
their own Wi-Fi network, or something as
simple as a workstation.
macmon NAC can see all endpoints
regardless of whether they are a desktop PC, a
BYOD, a controlling unit of an industrial facility,
or the laptop of a service technician. This
network overview is extremely valuable for both
homogeneous and heterogeneous
infrastructures and large non-transparent
networks, which can often be found in the
manufacturing or the automotive industry.
Mobile user controls are particularly good as
macmon NAC can identify them irrespective of
which network switch or Wi-Fi device they
access, and uses whitelists to determine what
access levels they are allowed. Furthermore,
macmon NAC is manufacturer-agnostic, so it'll
work with any manageable switch, and can
scale easily as the network expands, allowing it
to work with the latest IT systems as well as
long-established operational technologies.
We found deployment swift as we installed
macmon NAC on our VMware vSphere host in
ten minutes. The web console is easy to use,
and our first task was to create a list of
credentials for our monitored switches where it
defaults to SNMP.
macmon NAC gathers information about all
network devices and endpoints and their
attributes such as MAC and IP addresses and
their names using (amongst others) ARP, DNS
and DHCP as well as OT specific protocols.
These may be added to a list of 'known'
endpoints in the console and assigned to
groups such as PCs, mobiles and guest
devices, which in the simple mode even
enforce up to three levels of authentication
and related authorisation.
Any new endpoints that macmon NAC
discovers are considered unauthorised and
policies are used to determine what access
levels they should have - if any. Predefined
rules make this even easier as they can block
these devices, dynamically manage VLAN
membership and present guest users with
custom captive web portals.
The macmon VLAN Manager is a powerful
instrument to roll out as it automatically
maintains a zoning concept in big production
facilities or other industrial contexts, which is a
requirement of many security regulations such
as IEC 62443 or even ISO 27001. The
Premium bundle enables full compliance
scans on endpoints and offers even more
integration options to gain additional status
from third-party tools.
macmon NAC is very amenable as it generally
integrates with a wide range of third-party
security solutions and even offers a framework
to simply add your own integrations. NC
Product: macmon NAC
Supplier: macmon secure GmbH
Tel: +49 30 23257777-0
Web site: www.macmon.eu
Sales: info@macmon.eu
WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER 2023 15
NETWORKcomputing
@NCMagAndAwards

SECURITY UPDATE
COMPLYING WITH THE NIS 2 DIRECTIVE TO HELP SECURE CRITICAL ASSETS
STEVEN KENNY, INDUSTRY
LIAISON, ARCHITECTURE &
ENGINEERING, AXIS
COMMUNICATIONS,
EXAMINES THE LATEST
CYBERSECURITY
COMPLIANCE REGULATION -
THE NIS 2 DIRECTIVE - AND
WHAT SECURITY BUSINESSES
SHOULD BE DOING TO
PREPARE FOR IT
The European Parliament adopted the
NIS 2 Directive (NIS 2) in November
2022 and a planned UK alignment is
set to follow. NIS 2 replaces and repeals the
NIS Directive that established cybersecurity
requirements for the operators of essential
services (OES) and digital services providers
(DSP). It modernises the existing legal
framework in the EU to keep up with
increased digitisation and an evolving
cybersecurity threat landscape, and will
improve cybersecurity risk management and
introduce reporting obligations across a
number of new sectors and entities.
With an October 2024 deadline by which to
adopt and publish the measures necessary to
comply with NIS 2, it's important to determine
what this means for security businesses
working with, or wishing to work with,
affected companies. A network camera, for
example, while used for both security and
operational means across a range of
industries that may come under the NIS 2
Directive, is not classed as a critical asset.
This technically places it outside the Directive's
scope. Yet such a device nevertheless
represents a vulnerability through which a
malicious threat actor could launch an attack.
What steps, then, should security businesses,
their partners and customers be taking to
ensure compliance?
DEMONSTRATING CYBER MATURITY
The new directive eliminates the distinction
between OESs and DSPs, instead it clarifies
businesses as either essential or important
and uses a size-cap rule to determine which
medium and large-sized entities fall within its
scope. To comply with NIS 2 a holistic
16 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

SECURITY UPDATE
approach is required that considers all
possible threat vectors. It is expected that
those businesses that need to comply with NIS
2 will have to carry out a greater level of due
diligence on their technology partners. As part
of this evaluation process and a vendor risk
assessment, it is highly likely that policies and
processes will play a much greater role.
Securing a network, its devices, and the
services it supports requires active
participation by the entire vendor supply
chain, as well as the end-user organisation.
For the physical security industry, working
closely with customers and other stakeholders
will help to ensure a joined-up approach that
everyone can agree on. Dedicated tools,
documentation and training will help mitigate
risks and keep products and services up-todate
and protected.
Equally, end-users will now be seeking to
work with those suppliers and / or vendors
who follow appropriate policies and
processes, as well as holding third-party
certifications. It's therefore imperative that
physical security businesses can
demonstrate, for example, that they adhere
to a Vulnerability Management Policy, hold
certification for ISO/IEC 27001 for
Information Security Management Systems
(ISMS), and Cyber Essentials Plus
accreditation.
DEVICE AND SYSTEM CONTROLS
AND HARDENING
Product integrity controls and features help to
ensure that both hardware and firmware are
protected from unauthorised change or
manipulation. Signing a firmware image with
a private key prevents firmware from being
installed or upgraded without presentation of
the appropriate credentials. Additionally,
secure boot, based on the use of signed
firmware, consists of an unbroken chain of
cryptographically validated software, starting
in immutable memory, that ensures a device
can boot only with authorised firmware. A
move to the use of signed video ensures that
video evidence can be verified as
untampered, making it possible to trace the
video back to the camera from which it
originated and verify that the video has not
been modified or edited.
The use of system hardening processes aims
to protect and secure devices and systems
against cyberattacks by reducing the attack
surface - essentially protecting all possible
points of entry that could be used by an
attacker. Creating strong passwords,
removing or disabling all superfluous drivers,
services, and software, and setting system
updates to install automatically are all
recommended approaches. The likelihood of
unauthorised or unauthenticated user access
is further reduced by applying a Zero Trust
policy, in line with the National Institute of
Standards and Technology's (NIST) risk
management framework which promotes a
never trust and always verify approach to any
request for systems access.
While it is very unlikely that physical security
systems will be classed as a critical asset as
far as the scope of the NIS 2 Directive is
concerned, it is important that organisations
consider a holistic approach during the
scoping of such technology. Physical
security businesses, working closely in
partnership with supply chains and
customers, can deliver a system that is
secure from both a physical and
cybersecurity perspective, while
helping to meet NIS 2 requirements.
Stringent security measures, backed
by policies and processes, tools,
documentation and training, will
help reduce risk and keep customers
protected.
The NIS 2 Directive - Axis briefing
paper to support cybersecurity
compliance: https://www.emeacomms.axis.com/nis-2-directivebriefing
ABOUT STEVEN KENNY
Steven Kenny has spent 18 years in the
security sector in roles that have seen him
take responsibility for key elements of
mission critical, high-profile projects across
a number of different vertical markets. His
current role sees him lead a team of
Architect and Engineering managers across
the EMEA region whilst supporting various
industry associations and standards
organisations. He currently sits on the EMEA
Advisor Council as the emerging technology
lead for TiNYg (Global Terrorism
Information Network), and on various
standards committees to support IoT
security, as well as the BSI Private Security
Management and Services. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2023 NETWORKcomputing 17

OPINION: IOT
IOT AND THE FUTURE OF NETWORKING
ALAN HAYWARD, SALES AND MARKETING MANAGER AT SEH TECHNOLOGY, LOOKS AT THE
OPPORTUNITIES POSED BY IOT AND ASSOCIATED TECHNOLOGIES, THE IMPORTANCE OF RELIABLE
NETWORKS IN THIS NEW ERA, AND HOW INTEGRATIONS CAN BE SUCCESSFUL
The Internet of Things is transforming
networking by connecting the digital
and physical worlds in new ways.
Wired and wireless networks are changing
how we live and work, and as a result the
traditional networking model is gradually
fading away. IoT consists of physical
devices that include sensors and software,
that connect and exchange data with
other IoT devices over the networks
and/or the wider internet. There are
already many examples of IoT
applications in existence today in the
home, businesses and transportation.
The potential of IoT doesn't just lie in its
ability to connect physical objects but in
how it can enrich the digital world with
new sources of data and information.
Human environments can be far better
understood through the data created by
IoT devices and then analysed, to identify
patterns and conclusions. IoT has so
many applications and use cases that are
yet to be explored and as physical
devices become more compact and
networks more advanced, those
opportunities will multiply.
BUILDING RELIABLE NETWORKS
The evolution of networking and the
emergence of IoT will place a strain on
both existing and new networking
infrastructures. More devices will lead to
more data being transmitted over
networks at increasing rates and speeds.
ericsson expects the number of IoT
connections to increase from 13.2bn in
2022 to 34.7bn in 2028 with a CAGR of
18%. The numbers clearly state that the
IoT evolution is already well underway,
and networks need to be ready to handle
the forecasted increases in connections.
Today, networking is such a foundational
element of life that there's an expectation
for infrastructures to be reliable. The
modern world moves at such a pace, that
opportunities are missed as a result of
poor connections and slow speeds. 5G
for example is still yet to prove itself and
gain penetration in the wider market.
Edge computing is seen as one way to
improve reliability by moving computing
and storage resources closer to where
data sources are, rather than data being
transmitted to data centres and more
centralised resources. Edge computing
can ease congestion, improve latency and
increase bandwidth. All of this requires
monitoring and other adaptations to be
successful, but edge computing offers so
many opportunities to help transform IoT
and networking for the better.
TAKING INTEGRATION TO THE
NEXT LEVEL
In order to adapt to changing networks,
organisations will need to build
innovative solutions with open standards
to connect legacy devices to evolving
network infrastructures. There's a risk that
some will be left behind in this new era.
The reality is that legacy devices will
continue to play a pivotal role in the
coming years, and some organisations
for security and operational reasons
prefer to use them.
Integrating legacy devices into changing
networking infrastructures will require the
use of intermediary devices for dongles,
USB devices, printers and industrial
solutions. Such devices can then be
controlled and managed remotely, to
ensure that they continue to effectively
serve user needs. Events can be rapidly
diagnosed and repairs can take place to
ensure the maximum uptime of
peripherals. The next era of networking
won't just be dependent on the success of
new technologies but also on how legacy
systems can function over new network
infrastructures. Legacy devices won't
disappear for many years and will be very
much part of the future too.
The future of networking will bring with it
so many possibilities and challenges to be
overcome. For the future to be a success,
networks will need to be reliable - and
legacy devices can't be forgotten in the
process. The challenges of the past and
how they are solved will be crucial to the
future of networking and IoT in an everevolving
digital world. NC
18 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

PRODUCT REVIEW
Hornetsecurity
Security
Awareness Service
PRODUCT REVIEW
PRODUCT
REVIEWPRODUCT RE
Cybercriminals never sit still and are
always looking for new ways to outwit
businesses and breach their security
controls. Email spear phishing is still one of the
most successful and prevalent forms of attack,
so businesses must be more robust in their
defences and stop seeing staff as just another
security risk.
Security Awareness Service (SAS) from
Hornetsecurity is an innovative solution that
turns staff from a potential liability into an extra
defence layer. Using Hornetsecurity's patented
Spear Phishing Engine (SPE), it tests and e-
trains them in attack recognition and
avoidance techniques.
SAS goes further than many competing
solutions as, instead of merely providing
templates to help build phishing scenarios, the
SPE does it all for you by automatically creating
realistic simulated phishing emails, based on
the most current types of attacks.
Even better, it employs its Awareness Engine
and patented Employee Security Index (ESI®)
to regularly evaluate each user's behaviour
and increase or decrease the level of training
intensity to help them achieve a strong
security mindset.
Deployment is swift, as you whitelist the
spoofed mail domains used by SAS, and onboard
users and groups from Active Directory
(AD), Azure AD, LDAP or via CSV upload.
Ongoing management is equally simple, as
SAS uses the same web portal as all other
Hornetsecurity products to provide a single
pane of glass. From the SAS configuration
page, you view all evaluated users and groups,
enable phishing simulations and set up e-
training. For phishing simulations, you can hand
the whole process to the Spear Phishing Engine,
which automatically generates and sends
simulated phishing emails, based on each user's
measured security level.
Plenty of customisation is available,
as you can have personal evaluations sent to
each user, so that they can view them in their
own Security Hub portal and choose to view the
types of phishing emails, with options for
emails containing attachments, macros,
credential phishing and domain spoofing. A
Report Phishing for Outlook plug-in is also
available, so users can report suspicious emails.
The e-training module is activated for all users
and you can specify the number of training
sessions it should carry out each year. The
Awareness Engine is very smart, as its Single
User Booster feature ensures weak users in a
group receive more training, while the
Productivity Booster reduces training for those
with high security scores.
At this point, you can leave SAS to get on with
its job in the background and as users receive
their test phishing emails, it watches what they
do with them. If they recognise and report it,
they'll improve their security score; but, if they
click on a link or open an attachment, the e-
training module kicks in, right at the 'most
teachable moment'. Users that were tricked are
redirected to an advisory web page, which
provides interactive e-training that teaches them
all the things they need to look out for. It shows
how to validate the sender's address, hover the
cursor over a link to see its real destination and
question the message content - all simple, but
important, precautions.
The SAS dashboard shows your current and
projected ESI® scores and enables selfgovernance
with knowledge, as it compares
your company's rating with the industry average.
A statistics page provides charts of all actions
carried out on test emails, their success rates
and which psychological tricks are proving
to be the most effective.
Hornetsecurity's Security Awareness Services is
a staunch ally in the fight against phishing. It
can turn staff into a valuable security asset, and
its power-ful automated phishing simulation,
response and e-training capabilities make it
remarkably easy to deploy and to use. NC
Product: Security Awareness Service
Supplier: Hornetsecurity
Web site: www.hornetsecurity.com
Tel: +44 (0) 203 0869 833
Sales: sales@hornetsecurity.com
Contact Hornetsecurity for pricing.
WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER 2023 19
NETWORKcomputing
@NCMagAndAwards

OPINION: DATA CENTRES
HOW DATA CENTRES CAN BECOME GREENER
MICHAEL MCNERNEY, VICE
PRESIDENT MARKETING AND
NETWORK SECURITY,
SUPERMICRO, OUTLINES THE
DIFFERENT METHODS DATA
CENTRE OPERATORS CAN TAKE
TO REDUCE THEIR POWER
CONSUMPTION
Data centres use significant
amounts of electricity to power
their thousands of servers. From
the location of a data centre to the
placement of server racks, there are
several actions that data centre
managers can take to improve the power
usage effectiveness (PUE) of the data
centre. The PUE of a data centre is
defined as the total amount of power
delivered to the data centre, divided by
the amount of power used by the IT
components. The lower the value, the
more energy efficient the data centre is.
Of course, sourcing renewable power is
an obvious first step. Still, other methods,
such as increasing air inlet temperatures,
optimising power delivery, and utilising
the right system at the right time, can
contribute to a greener data centre.
OPERATE AT HIGHER
TEMPERATURES
When using traditional air cooling
mechanisms, the air entering the server
(inlet temperature) is maintained by
Computer Room Air Conditioning
(CRAC). How air conditioning is used in
a data centre contributes the most to the
PUE calculation. Reducing the amount of
air conditioning significantly lowers the
PUE and, thus, OPEX costs. Around the
world, many data centres are keeping
inlet temperatures too low. Data centre
operators can reduce power usage by
increasing the inlet temperatures to the
manufacturer's recommended maximum
value. Looking at the results from a
recent survey of over 400 IT professionals
and data centre managers, there is a
wide range of inlet temperatures, which
indicates that most IT administrators are
limiting the inlet temperature to less than
the manufacturer's "highest" limit.
CAPTURE HEAT AT THE SOURCE
CRAC is the most significant variable to
optimise to lower overall PUE. The PUE of
a data centre can be significantly reduced
when using liquid cooling solutions in
particular. While the data centre
infrastructure may need to be modified or
added to, the longer term OPEX savings
will outweigh the initial costs.
LIQUID COOLING
Liquid cooling of the CPUs and GPUs can
significantly reduce the need for having
CRAC units in data centres and the need
to push air around. There are several
different methods to use liquid cooling to
reduce the need for forced air cooling:
DIRECT TO CHIP (DTC OR D2C)
COOLING
This method passes a cold liquid over the
hot CPU or GPU. Since a liquid is much
more efficient at removing and
transporting heat than air is, the CPU or
GPU can be kept within its thermal design
power (TDP) envelope. This can lead to
significant savings when scaled across
thousands of systems in a medium to a
large data centre.
REAR DOOR HEAT EXCHANGER
(RDHX)
The rear door of the rack contains liquid
20 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION: DATA CENTRES
Server with D2C Liquid
Cooling Intstalled
and fans, which cools the hot server
exhaust air before the air enters the data
centre. The hot liquid needs to be cooled
before it is returned to the data centre
CRAC. This liquid cooling method keeps
the air at a lower temperature in the data
centre, reducing cooling demands on the
CRAC, which will lessen the amount of
electricity needed in the data centre.
IMMERSION COOLING
With immersion cooling, the entire server
- or groups of servers - are submerged in
a dielectric liquid. The close contact of
the liquid molecules with the hot CPUs,
GPUs, and other components is an
efficient way to cool the servers, as fans
will need to be removed from the
servers. Some minor modifications must
be made to the server before immersion.
An entire rack of servers can be cooled
in this manner.
Immersion Cooling of Complete Servers
HOT AND COLD AISLES
A significant amount of electricity can be
saved using the CRAC if the hot and cold
aisles are separated in the data centre.
When designed with hot and cold aisles,
the inlet and exhaust air should not mix,
allowing the data centre cooling to
operate more efficiently. For adequate
cooling, the rows of racks need to be
installed so that the rear of the racks face
each other, creating a hot aisle.
Therefore, an important best practice
when designing an energy-efficient data
centre is to have hot and cold aisles.
OPTIMISE POWER DELIVERY
Power conversion from AC to DC entails
some amount of heat generated. With
AC being delivered to the data centre,
the power must be converted to DC for
the system. With each conversion, energy
is lost, contributing to the inefficiency of
the data centre. More efficient
conversion will result in less wasted
power during the conversion, with heat
being the by-product that must be
removed from the system.
Titanium power supplies are the most
efficient option, offering 96% power
efficiency. Platinum power supplies are
slightly less efficient at 94%. Gold power
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2023 NETWORKcomputing 21

OPINION: DATA CENTRES
Hot and Cold Aisles in a Data Centre
supplies offer a lower efficiency of 92%.
The efficiency of a power supply isn't linear
or flat when it comes to the supply's output
range. Most power supplies operate at
their maximum efficiency when running in
the upper ranges of their rated capacity.
This means that an 800-watt power supply
providing 400 watts of power (50%
capacity) will be less efficient than a 500-
watt power supply providing that same 400
watts of output power (80% capacity).
SOURCE GREEN ENERGY
A data centre's energy source has the
most significant impact on its carbon
footprint and poses the most substantial
opportunity to benefit the environment.
Renewable energy programmes for
commercial customers include generation
through utility, third-party power
purchase agreements (PPA), or renewable
energy credits (REC). Distributed
renewable energy production owned or
controlled by data centres is optimal. But
on-site renewable energy sources do not
always satisfy data centre energy
demands. Fortunately, clean grid energy
can augment this. There are also
increasingly effective energy storage
solutions for deployment on-site, coming
down in cost as battery technology
improves and scales.
RETHINK SITE SELECTION CRITERIA
Large-scale data centres cost a lot of
money to operate. For example, a single
hyper-scale data centre can demand 100
MW of power to keep servers, storage,
and networking infrastructure performing
as expected (enough to power 80,000 US
households). In addition, while electronics
use most of the energy consumed in a
data centre, cooling those electronics to
maintain operating temperatures can
consume 40% of facility energy.
Building costs consist of the land value
as well as the cost of construction.
Construction prices vary depending on the
geography or region. Unlike building a
home or an office building, a data
centre's location has some unique
requirements to be considered "green"
and deliver agreed-upon Service Level
Agreements (SLAs). Factors such as
climate, energy pricing, risk of natural
disasters, water costs, and the cost of
network bandwidth all contribute to the
choice of data centre locations.
Data centres are critical to the world's
economy. Many aspects of modern life
depend on them, which consumes more
electricity than ever before to deliver the
services everyone uses. While the work per
watt of the CPU continues to increase,
there is a need to reduce the overall data
centre power consumption.
There are several actions that data centre
operators can take. These include running
systems at warmer temperatures,
configuring the data centre with hot and
cold aisles, and sourcing green energy.
Data centres can reduce their PUE by
taking just a few steps, lowering their
operating expenses and decreasing their
CO2 footprint for years to come. NC
22 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

PRODUCT REVIEW
Endace
EndaceProbe
Cloud
PRODUCT REVIEW
PRODUCT
REVIEWPRODUCT RE
Cloud computing has revolutionised
business operations globally, but the
'shared responsibility' security model
used by providers presents many challenges for
SecOps and NetOps teams. Providers look
after the security of the infrastructure, data
centres and server hardware leaving customers
to handle cloud application, data, operating
system and access security. For teams to
respond quickly to cyberattacks and resolve
network or application performance issues, they
must be able to capture, store, index and
analyse accurate records of all traffic activity.
Historically, this has been a major pain point for
cloud services, but packet capture expert
Endace has the perfect solution as its wellrespected
EndaceProbe appliances can now be
hosted in the cloud.
Supporting Amazon Web Services (AWS) and
Microsoft Azure public clouds, EndaceProbe
Cloud delivers the same excellent packet
capture and analysis features found in Endace's
hardware appliances and places them right
where they can provide deep visibility into cloud
environments. Capable of capturing packets
from virtual packet brokers, VPC mirrors, virtual
span ports, load balancers, firewalls, vSwitches
and virtual machines, EndaceProbe Cloud
assures full security, storing all recorded packet
data within your own VPC or virtual network.
Deployed as a virtual machine, using the
recommended sizing, EndaceProbe Cloud
delivers 4Gbps packet to disk write
performance, millisecond accurate
timestamping, and a maximum native storage
capacity of 250TB per instance. Endace's
software compression and Smart Application
Truncation technology further boosts packet
capture capacity to as much as 500TB. You can
also control cloud subscription costs by sizing
the appliance up or down to your requirements.
Endace adds extreme flexibility. All
EndaceProbes in globally distributed cloud and
hybrid networks can be centrally accessed
through a single console. Endace's
InvestigationManager - which can be hosted in
the cloud or on-premises - provides centralised
search and data-mining. Using
InvestigationManager's integrated
EndaceVision, a browser-based analysis tool,
analysts can choose data sources from multiple
EndaceProbes, view them simultaneously and
use data visualisation tools to home in on areas
of interest such as flows, top talkers, protocols
and users. All search operations are performed
locally on each EndaceProbe and only packets
of interest are passed to InvestigationManager.
Data egress charges are significantly reduced
as there's no need to download huge pcap files
from the cloud.
Management of all Endace deployments can
also be done centrally using EndaceCMS,
which provides a single pane of glass for all
administrative functions including health
monitoring, configuration and upgrades. You
can host EndaceCMS either on-premises or in
the cloud too.
EndaceProbe Cloud integrates seamlessly with
a wide range of security and performance
monitoring tools including solutions offered by
Cisco, Palo Alto Networks, Plixer, Splunk and
many others. Endace's APIs integrate directly into
the user interfaces of these products so teams
can analyse packet data directly from within the
tools they already use without needing to have
specific knowledge of Endace's appliances.
A good example is Splunk. When Splunk
shows an alert or event, analysts can access
related packets directly from within the Splunk
GUI - so they don't need to change their existing
workflows. They can create, share and customise
investigations accessing data from multiple
EndaceProbes, view conversations, extract files
from suspicious communications, generate rich
logs for insight into network activity, and decode
packets directly in the hosted Wireshark, thus
avoiding more cloud egress charges.
Cloud infrastructures are under an everincreasing
barrage of cyberattacks, and SecOps
and NetOps teams need total visibility into AWS
and Azure environments to do their jobs.
EndaceProbe Cloud provides an answer as this
highly scalable unified packet capture and
analysis solution is simple to deploy and ideally
suited to hybrid, multi-cloud architectures. NC
Product: EndaceProbe Cloud
Supplier: Endace
Web site: www.endace.com
Sales: +44 (0)800 088 5008
WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER 2023 23
NETWORKcomputing
@NCMagAndAwards

CASE STUDY
GLOBAL TRANSFORMATION AND ASSET MANAGEMENT
FOR RENTOKIL INITIAL
RENTOKIL INITIAL ENHANCES SECURITY COMPLIANCE, TRACKING AND REPORTING ACROSS
25,000+ IT ASSETS WORLDWIDE WITH LANSWEEPER
Based in the UK, Rentokil Initial is one of
the largest business services companies
in the world, with 44,500 employees
and operating in over 80 countries. The
company offers route-based services including
Pest Control, Hygiene, and Workwear, through
teams of local experts.
In early 2020, Rentokil Initial's Global
Configuration Manager was looking for a way
to solve the gap in their asset management
strategy. The Rentokil Initial team uses the
ServiceNow IT Service Management platform
to manage digital workflows for enterprise
operations, and they've also been using its IT
asset management capabilities to track and
manage IT assets across the enterprise.
The company needed a solution that could
automatically identify and add assets to the
inventory that might otherwise be overlooked
or forgotten. With more than 25,000 assets to
manage, this large-scale automation was a
critical capability to have.
Enhancing IT asset management and
identifying potential vulnerabilities:
Complete IT Asset Identification: Rentokil
Initial's first goal was to identify all IT
assets and potential vulnerabilities
residing within Windows devices and
software across its extensive global IT
estate. This was essential for maintaining
a comprehensive view of their digital
landscape.
Accurate CMDB Data: Rentokil Initial
aimed to feed up-to-date, accurate IT
asset inventory data into its ServiceNow
Configuration Management Database
(CMDB). This data would serve as the
foundation for compliance tracking and
reporting, helping them stay in line with
industry regulations.
Accurate Data Records: Rentokil Initial
used Lansweeper IT asset management
software to discover the IT assets on its
network. This accurate data seamlessly
fed into their CMDB, creating single,
verified data records for each managed
asset. This transformation laid the
foundation for streamlined compliance
processes and real-time reporting.
24 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

CASE STUDY
Computer Security and Visibility: In a world
where data breaches and cyber threats
loom large, Rentokil Initial recognised that
safeguarding their digital assets was
paramount. Security became the chief
motivator for embracing Lansweeper,
enabling them to gain a comprehensive
view of their IT assets, including Windows
devices and software, and pinpoint
potential vulnerabilities.
Rentokil Initial bid farewell to spreadsheets
and manual processes, which often left room
for errors and inefficiencies, and ushered in
streamlined operations with enhanced
accuracy. By eliminating the time-consuming
manual tasks that plague IT asset
management, Rentokil Initial was able to foster
a more agile and responsive approach.
Integration was a cornerstone requirement
for enhanced IT asset management, and
Mark Blackman, Global Configuration
Manager at Rentokil Initial, underscores the
importance of this, "We needed a solution
that would complement what we already had
in place and simplify software audits. While
our ServiceNow platform provides asset and
configuration management, if somebody
didn't manually register an asset, or if there
were connected Windows devices that had
not been identified, we were blind to those
asset's existence."
Understanding the magnitude of security
risks, including identifying and alerting when
an unknown asset connects to the network,
was deemed critical. This integration with
ServiceNow empowered Rentokil Initial to
proactively monitor their IT landscape,
fortifying their security posture.
"Rather than relying on a single tool, we have
multiple tools in place, which feed information
to the CMDB within ServiceNow," explains
Blackman. "Having data from many tools
creates data "triangulation," providing a depth
and breadth of information across all virtual
machines, physical devices and software on
the assets we want to manage."
Compliance with the General Data Protection
Regulation (GDPR) was a compelling driver for
embracing an IT asset discovery solution.
Lansweeper provided the necessary tools to
maintain GDPR compliance, ensuring Rentokil
Initial remained in harmony with the everevolving
legal landscape.
A SEAMLESS PATH TO ORGANISATION-
WIDE VISIBILITY
In the quest for comprehensive IT asset
management and security compliance,
Rentokil Initial deployed Lansweeper scanners
across regional data centres in North America,
Asia, and EMEA. This was a significant
milestone and set them on a journey to
revolutionise their organisational visibility.
All the data gleaned from these scanners was
centralised in a data hub in the UK. This data
repository served as the linchpin of Rentokil
Initial's IT asset management strategy,
facilitating real-time insights and compliance
tracking on a global scale.
While ServiceNow operated in the cloud,
Lansweeper's on-premises "mid server" acted
as the bridge between the two. This onpremises
component perfectly executed
Lansweeper queries, ensuring accuracy and
efficiency. The results were then seamlessly
transmitted back to the cloud instance of
ServiceNow, creating a harmonious marriage
of precision and convenience.
ILLUMINATING THE IT LANDSCAPE
Rentokil Initial gained the ability to peer into
every possible area of their IT assets connected
to the corporate network. This panoramic view
extended across continents, helping them
gauge the state of IT globally.
Moreover, this newfound visibility wasn't just
about counting assets - it was about identifying
potential vulnerabilities and risks lurking
beneath the surface. Armed with this insight,
Rentokil Initial could proactively fortify their IT
infrastructure, safeguarding their business from
potential threats.
The combination of agent-based and
agentless scanning is ideal for managing
devices across global locations. The agentless
scanning provides the ability to determine
whether a lost or misplaced device is GDPR
compliant and/or free from vulnerabilities, and
therefore not at risk of being compromised.
A key use case for these features was for
mergers and acquisition integration, which is a
key part of Rentokil's Initial strategy. "When we
acquire a new company, we simply deploy
Lansweeper on the company's infrastructure,
and we can immediately see all the devices
they have, what operating systems are not
supported, and whether they've been patched
properly," said Blackman. "That helps us
budget appropriately for any hardware
upgrades or remediation work to bring these
assets up to our corporate standards."
The data in the CMDB keeps Rentokil Initial's
senior management team informed via KPI
reports generated by the ServiceNow platform,
and data from Lansweeper is essential to
creating those reports.
NINE MONTHS TO GLOBAL
TRANSFORMATION
The global rollout was no small feat - the
networking team played a pivotal role,
meticulously identifying subnets and
credentials. These details were the keys to
unlocking a comprehensive scan, and the
infrastructure team meticulously verified them
to ensure the initial scan's success.
It stands as a testament to Rentokil Initial's
commitment to organisational visibility and
security. It's a journey that has not only
illuminated their IT landscape but also fortified
their defences against the ever-evolving threats
of the digital realm. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2023 NETWORKcomputing 25

OPINION: DDoS ATTACKS
SPANNING SECURITY GAPS AT THE EDGE
ROMAN LARA, PRINCIPAL
ANALYST AT NETSCOUT
OUTLINES THE THREAT FACING
ORGANISATIONS THAT FAIL TO
ADAPT THEIR DDoS
PROTECTION AT THE EDGE
In recent years, threat actors have become
increasingly efficient and effective at what
they do, allowing them to launch more
dangerous attacks and evade traditional
defence techniques more successfully than
ever before.
During this time, cybercriminals have also
been launching a greater number of attacks.
Findings from NETSCOUT's latest Threat
Intelligence Report show that global
distributed-denial-of-service (DDoS) attacks
reached an all-time high in 2022, with almost
13 million attacks taking place.
This increase in attack frequency, coupled
with the ease of use of DDoS-for-hire services,
means organisations need to ramp up their
protection of their critical online infrastructure,
in addition to that of downstream customers.
Although there are conventional protection
solutions which can stop some types of DDoS
attacks, businesses must go one step further to
strengthen both their on-premises and cloud
security measures from the different kinds of
DDoS attacks which exist.
There is no one-size-fits-all solution to DDoS
protection at the edge, but by establishing a
hybrid DDoS defence strategy, enterprise-level
organisations stand a better chance of
preventing the different types of DDoS attacks
from significantly damaging their business.
There are three main types of DDoS attacks
which are used by threat actors to intentionally
overwhelm a targeted website or digital
network: protocol, application-layer, and
volumetric attacks.
PROTOCOL DDOS ATTACKS
Firstly, protocol DDoS attacks are primarily
focused on taking down services or underlying
network infrastructure which are responsible
for delivering content to the end users. The
attacks disrupt services, thereby resulting in
legitimate users being unable to connect to the
resources. A common method to deploy a
protocol attack is through a SYN flood attack.
In 2021 NETSCOUT detected a shift in
preference by adversaries to direct path
attacks. These DDoS attacks target stateful
devices such as servers, load balancers and
next gen firewalls with the intention of filling
Transmission Control Protocol (TCP) State
Tables with bogus connections, resulting in
specific resources being overwhelmed and
becoming inaccessible to legitimate users. This
allows cybercriminals to take down even highcapacity
devices capable of maintaining
millions of connections designed to protect
services connected to the internet, such as file
transfer, email, and web servers.
A SYN flood attack involves an attacker
overwhelming the target's servers with
countless SYN packets - a request from
another device to start a new communication
channel - which contain spoofed IP addresses.
In response to each SYN packet, the server
invites the device to create the new channel.
However, the invitation is never fulfilled, and
the server continues to wait. As a result, the
server eventually crashes from waiting too long
for each individual SYN packet request. With
this attack method, cybercriminals can
dismantle high-capacity devices capable of
sustaining millions of network connections,
such as supercomputers.
APPLICATION-LAYER ATTACKS
Secondly, application-layer attacks are
designed to disrupt web applications that end
users interact with. An application-layer
attack can be launched by a cybercriminal
using even a single machine or legions of
bots to continually request the same digital
26 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION: DDoS ATTACKS
resource - like a website or pdf - from the
targeted server.
As a result, the application is overwhelmed
and is unable to deliver content to its users.
These attacks are mostly used to target web
servers, but can also go after any digital
application, including session initiation
protocol (SIP) and border gateway protocol
(BGP) services.
VOLUMETRIC ATTACKS
Lastly, there are volumetric attacks. These
involve threat actors flooding a target with
malicious traffic in an attempt to consume
all available bandwidth either within the
target network/service, or between the
target network/service and the rest of the
internet. These attacks are simply about
causing congestion.
From 2006 to 2021, volumetric attacks
reigned supreme, with DNS amplification
attacks at the forefront. These attacks work
by sending requests that generate large
replies to multiple open domain name
system (DNS) servers from a spoofed IP
address to appear as though the request is
coming from the target. At full scale, the
large influx of DNS traffic onto a single
server can overwhelm it, forcing the server
to crash.
Adversaries will typically choose one or
more of these different types of attacks to
use against the on-premises and cloud
environments of targets in order to maximise
the degree of damage. This demonstrates
the need for organisations to integrate a
multi-faceted defence approach across both
their network availability and digital
infrastructure to effectively mitigate modern
DDoS threats.
THE NEED FOR A HYBRID DDOS
DEFENCE APPROACH
The difficulty organisations face is having to
put equal protections in place to reinforce
their security across all network
environments. This blocks DDoS attacks
which are capable of evading either onpremises
only or cloud-only defences.
For instance, conventional cloud-based
DDoS mitigation tools can defend against
larger volumetric attacks targeting internet
connectivity prior to them overwhelming
local protection. Meanwhile, to defend
against application-layer and encrypted
traffic attacks, organisations will need onpremises
defences near the targeted
applications or services. However, with both
examples, the solutions' level of effectiveness
is very limited as it protects one network
environment instead of the other.
For organisations to overcome this, it is
best practice for them to adopt a hybrid
or multi-layer DDoS defence approach
with both cloud and on-premises
components that recognise all the
different DDoS attack vectors and
methodologies.
HOW TO ESTABLISH A HYBRID
SECURITY STRATEGY
A hybrid DDoS defence strategy
incorporates an on-premises, detection
and prevention system with on-demand
cloud-based mitigation capabilities at
the edge. The combination of the
unrelenting nature of adversaries and
the growing complexity of DDoS attack
methodologies and techniques
necessitates the basis of a
comprehensive DDoS mitigation
strategy to be an on-premises, roundthe-clock,
purpose-built DDoS attack
protection system.
This must be capable of automatically
identifying and blocking all types of
DDoS attacks and other cyberthreats
prior to damage being inflicted on
business-critical online infrastructure
and services.
While traditional cloud-based DDoS
protection solutions are effective when it
comes to stopping large volumetric DDoS
attacks, they have difficulty in blocking
other types of DDoS attacks designed to
evade their systems. But cloud-based
mitigation solutions shouldn't be
discarded entirely, as they strengthen the
protection of on-premises tools.
Fundamentally, the best solution is to
use a combination of an on-premises and
a cloud solution with intelligent and
automated integration, as this provides
the most comprehensive protection
possible. Although this doesn't represent a
one-size-fits-all solution, this approach
helps organisations to ensure that new
and evolving DDoS threats can be dealt
with in real time.
INCREASINGLY EFFECTIVE THREAT
ACTORS
With cybercriminals becoming
increasingly adept at launching
dangerous attacks and evading
traditional defence techniques, an
inability to adapt and defend against
these emerging DDoS attack techniques
will significantly damage businesses.
Therefore, businesses should implement a
more comprehensive defence strategy to
secure their network edges.
Even though cloud-based solutions may
be cost-effective, ultimately, they must do
more to protect organisations from the
rapidly evolving nature of the threat
landscape and the emerging types of
DDoS attacks.
Nevertheless, a multi-layer, hybrid solution
which deploys on-premises defence at the
edge, alongside a cloud-based backup,
ensures enterprises can maintain improved
cyber hygiene and prevent extended server
downtime in the event they're impacted by a
DDoS attack. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBERR 2023 NETWORKcomputing 27

OPINION: NTNs
TO 5G - AND BEYOND!
KEYSIGHT TECHNOLOGIES' DYLAN MCGRATH GIVES US AN INSIGHT INTO THE FUTURE OF
NON-TERRESTRIAL NETWORKS AND THE ERA OF DEMOCRATISED CONNECTIVITY
Non-terrestrial networks (NTNs)
represent an exciting new frontier
in communications as they extend
the reach of 5G into regions lacking
terrestrial infrastructure. NTNs use both
satellites and high-altitude platforms such
as balloons, airships and pilotless aerial
systems in the stratosphere to ensure
coverage and reliability in virtually any
scenario. Decreased costs and new
capabilities in terrestrial 5G are combining
to make NTNs increasingly viable,
ushering in a new era of true global
connectivity and a space-based IoT that
will permanently change our perception of
communication.
3GPP's 5G standards recognise NTNs as
a part of the 5G connectivity infrastructure.
One of the network's chief benefits is multiconnectivity,
as users connect through both
terrestrial and satellite links, with the
former handling low-latency traffic and
satellites reserved for high-latency traffic.
There are a multitude of fascinating use
cases to explore here, including:
Augmentation of terrestrial networks:
5G NTNs will fill gaps in cellular coverage,
allowing operators to enhance
the latter without driving up costs.
NTNs will also bolster network resiliency,
increasing availability and preventing
outages. In addition, they will
enable operators to quickly restore
service to areas impacted by natural
disasters. NTNs can also be used to
dynamically enhance coverage in
response to changing circumstances.
Take a Premier League game under
typical terrestrial network conditions.
Data throughput and connectivity suffer
with the influx of spectators posting and
streaming. With NTNs, however, drones
could be deployed as flying base stations
above the stadium to temporarily
boost connectivity and increase bandwidth,
leading to a glitch-free experience
for the game's duration.
Whole-world connectivity: As NTNs
mature, they will enable global broadband
connectivity, even in isolated
regions. Consider remote locations
across the globe, such as parts of
Canada or Tibet, where establishing
ground infrastructure to support terrestrial
connectivity is either not economically
viable or physically impossible.
NTNs will change this, providing
consistent, high-speed service in even
the most inaccessible areas. Some
vendors have already introduced services
that support an SOS messaging
28 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION: NTNs
capability - for example, enabling a
lost hiker on a remote mountain
range to summon help via their
smartphone. NTNs will make this
pervasive and eliminate the connectivity
challenges we associate with
sailing, camping, mountain climbing
and other activities in isolated areas.
This will also have significant implications
for aerospace and defence,
and other sectors operating in geographically
remote regions.
Remote pipeline monitoring: With
speeds of up to 20 Gbps, 5G NTN's
high-speed data transfer capabilities
are a significant benefit for applications
that rely on real-time data processing-for
example, remote monitoring,
surveillance, and autonomous
vehicles (AVs.) In the latter industry,
NTNs can augment terrestrial networks
and ensure vehicle safety in
the event of congestion or outages,
and in areas with poor connectivity.
In addition, offshore oil platforms
and other enterprises operating in
remote regions without terrestrial
infrastructure will be able to monitor
operations and equipment more
closely as the technology matures.
Image intelligence: The Ukraine war
provides an excellent example of this
insight, as satellite images were the
first to show the military vehicles
Russia amassed in advance of its
attack. This intelligence will become
a key weapon in future military conflicts,
as well as tracking global
warming, pandemics and other
macro events.
ROADBLOCKS TO INNOVATION
As with any new technology, before
realising these and other 5G NTN
possibilities, the industry must first
overcome numerous challenges. These
include design considerations:
The link distances are much longer
with NTNs than with terrestrial
networks, and the resulting
implications must be accounted for
in the design process to avoid
issues. Introducing a fast memory in
which the signal is written and then
read out with a different speed is
one important step. This addresses
both the propagation delay and
high Doppler frequency associated
with NTNs.
Where and how to process data is
another concern.
In most cases, this will be determined
by the individual use case and end
goal. For industries such as the
military, it may be better to design a
satellite with a big computer, long
battery life and a large solar array to
facilitate edge computing of the
data via the satellite. This would
enable divisions to spot
changes in civilian
movement or armament
formation that could
signal a hostile advance,
as in the Ukraine
example discussed
above. In other
scenarios, it might be
better to send data to the
ground for processing,
which entails having the
bandwidth necessary to
facilitate the transmission.
Finally, NTNs have the potential to
replace the legacy proprietary
network and operator systems with
total interoperability and universal
service. Actualising this vision requires
that network operators and satellite
providers collaborate share knowledge,
and come up with new ways to bring
services to the end users.
Much work remains before NTNs can
fully deliver on their promise, but the
future is closer than many might think.
As we move towards making seamless
global connectivity a reality, savvy
companies should be preparing to
capitalise on NTNs and all the
possibilities inherent in a truly
connected world. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2023 NETWORKcomputing 29

OPINION: CLOUD SECURITY
BOOSTING YOUR CLOUD DEFENCE
ANTHONY WEBB, VICE PRESIDENT AT A10 INTERNATIONAL
EXPLAINS THE IMPORTANCE OF COMBINING APPLICATION
DELIVERY WITH NEXT-GEN WAF TO BUILD RESILIENCE FOR HYBRID
CLOUD ENVIRONMENTS
In today's modern business landscape, outside
of any macro issues or economic uncertainty,
there are two significant technology
challenges that enterprises are grappling with.
The first challenge is around the constantly
evolving threat landscape, and the growing
sophistication of cybercriminals and their
techniques. This means the risk of an application
attack and a data breach is an ever-present
threat that enterprises must contend with.
The other key challenge is around the
effectiveness and economics of cloud
operating models. Without a doubt, over the
last decade digital transformation has
catapulted many businesses forward, and
some can now claim to be 'true' digital
businesses servicing their customers in new
and exciting ways. However, in this new digital
and hybrid cloud environment, enterprises are
highly concerned about how they can best
secure, optimise, and automate their
infrastructure in the most effective and costefficient
way.
APPLICATIONS MUST BE
CONSISTENTLY AVAILABLE
Today, organisations must guarantee their
applications are consistently and securely
accessible, no matter the location, to ensure
the best end-user experience and productivity.
This includes ensuring workloads are efficiently
distributed across all servers, monitoring
application health, and maintaining
operational integrity around the clock.
However, when you add in the need to
protect against a rise in application attacks and
an ever-increasing number of bad actors
targeting the organisation, the scale of these
challenges starts to become clearer. Likewise,
complex deployments, coupled with regular
maintenance and often limited resources
dedicated to cybersecurity, are exacerbating the
risk to organisations further.
In this environment, with cybercriminals
constantly evolving their tactics to exploit
vulnerabilities in systems, a layered defence
strategy that provides comprehensive
protection against a wide range of threats is
essential. At the same time, a solution that also
helps to deliver better business outcomes,
enabling organisations to optimise the
customer experience, and ensure business
continuity, is highly desirable.
COMBINING ADC WITH NEXT-GEN
WEB APPLICATION FIREWALL
Combining an application delivery controller
(ADC) and a next-gen web application firewall
(WAF) creates a robust security solution that
supports the principles of a Zero Trust security
framework. As organisations seek to establish a
more efficient, effective, and secure cloud
operating model, these two combined
technologies enable a highly performant
security solution at a strategic application
ingress point that reduces false positives and
automates security, empowering agility and
effectiveness. The ADC efficiently sifts through
the myriad of threats, while the next-gen WAF
efficiently provides defence against more
sophisticated web attacks.
HOW DOES THIS LAYERED DEFENCE
APPROACH WORK?
To explain in a bit more detail how this layered
defence works, let's start with the ADC. ADCs
can provide load balancing and transport layer
security (TLS) offloading, which can help reduce
the attack surface by minimising the number of
entry points into the system. This mitigates the
impact of volume-based attacks, such as DDoS
or brute-force attacks. On the other hand,
next-gen WAFs can provide deep packet
inspection and advanced threat detection
capabilities, enabling them to identify and
block attacks such as account takeover (ATO),
known CVEs, injections, cross-site scripting
(XSS), and other OWASP Top 10 attacks.
Earlier in the year, we partnered with Fastly to
offer its next-gen WAF with our Thunder®
ADCs to provide our customers with a premier
next-generation web application firewall
solution running on high-performance
hardware and virtual platforms for businesses
operating in a highly competitive market. This
enables organisations to protect their apps
against advanced threats with greater accuracy
while gaining superior application availability
and accelerating content delivery.
DIGITAL TRANSFORMATION INITIATIVES
WILL CONTINUE TO EVOLVE
Unfortunately, digital transformation is not a
one and done initiative. Moving forward,
enterprises will continue to evolve their
environments as new technologies inevitably
emerge. Likewise, the cyber threat landscape
will undoubtedly continue to expand, very likely
at the same pace as we're seeing currently - if
not faster. Organisations must therefore stay
vigilant, never compromise and make sure that
they have a layered defence approach to
protect their business. NC
30 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION: WI-FI 7
THE MAGNIFICENT 7?
KALAM MEAH, ISP DIRECTOR AT TP-LINK UK & IRELAND LTD.,
CONSIDERS HOW BUSINESSES CAN EMBRACE THE NEXT STAGE
OF CONNECTIVITY WITH WI-FI 7
The arrival of Wi-Fi 7 marks the next stage
of wireless connectivity, offering reduced
latency, seamless 4K streaming and ultrafast
downloads. While Wi-Fi 6 was created to
handle the growth of connected devices, Wi-Fi
7 delivers astounding speeds for these devices
with more power and efficiency, achieving data
rates of up to 46 Gbps - 4.8 times faster than
Wi-Fi 6. This new technology will be pivotal in
supporting the rollout of evolving technologies,
such as AR, VR and the Internet of Things (IoT),
across healthcare, education and hospitality.
Few mainstream devices currently support the
technology, but businesses can still embrace
Wi-Fi 7 and plan for its long-term use within
their organisations. Older devices in the 2.4,
5, and 6 GHz spectrum bands can connect via
Wi-Fi 7, albeit at slower speeds. That gives
businesses the flexibility required for a
smoother, more cost-effective transition,
meaning they can upgrade their networks
gradually without wholesale device
replacement.
ENHANCING HEALTHCARE DELIVERY
Delivering timely, best-in-class elective care to
a backlog of more than 7 million patients is an
ever-evolving problem. Wi-Fi 7's improved
connectivity will support medical professionals
and clinicians across diagnosis, treatment,
research, and innovation adoption.
The pandemic demonstrated how to deliver
non-urgent healthcare remotely and online.
Telemedicine solutions help alleviate pressure
by reducing the time spent on face-to-face
care, and remote patient monitoring (RMP)
eliminates the need for regular in-person
check-ups. Keeping devices and hospitals
connected is the leading challenge here; the
number of hospital-based IoMT (Internet of
Medical Things) is projected to exceed seven
million by 2026, with more than 3,850 per
smart hospital.
These solutions require robust infrastructure
to ensure secure, timely transmission of health
data between patients' homes and hospitals.
Wi-Fi 7's integration with IoT-based systems
delivers just that.
CHANGING THE FACE OF THE
CLASSROOM
Wi-Fi 7 will be a game-changer for education.
Students and teachers can download and
upload learning resources more quickly,
stream videos with less lag, and participate in
virtual lessons with minimal disruption.
High-definition video conferencing and
immersive VR experiences will be better
supported through advanced technologies like
MU-MIMO (Multi-User, Multiple Input,
Multiple Output), enhancing remote and
hybrid learning environments by allowing
multiple devices to communicate
simultaneously without delays or quality issues.
Increasingly, academic trusts are adopting
tech-based ecosystems to improve security,
cost and energy efficiency. Many schools are
already utilising smart lights and motion
sensors to automate lighting and reduce
energy consumption, while smart locks,
surveillance cameras and access control
systems are helping schools limit or extend
access, protecting students, staff and property.
Wi-Fi 6 may struggle to support the breadth
of these technologies effectively. Wi-Fi 7, on
the other hand, can fuel the transition to Smart
Schools with five times the network capacity
and 480% more throughput than Wi-Fi 6.
BRINGING HOSPITALITY INTO THE
NEW TECHNOLOGICAL AGE
From independent coffee shops to large hotel
complexes, customers expect uninterrupted Wi-
Fi connectivity, and staff rely on it to organise
bookings, take payments and update stock
lists. Increased bandwidth and multi-channel
capabilities will significantly improve hotel
connectivity, enabling Wi-Fi 7 to accommodate
thousands of connected devices. Via apps,
hotels can transform guest experiences with
more control and enhanced security through
sensors, thermostats and other devices.
Automated check-in allows guests to arrive at
unsociable hours and reduces the number of
staff required to welcome them.
Managing the unified infrastructure of large
hotel complexes remotely over Wi-Fi 7 will
enable IT technicians to monitor devices and
network health, responding to connectivity
issues near-instantaneously without having to
visit the site.
NOT 'IF', BUT 'WHEN'
As it evolves and becomes more established,
Wi-Fi 7 will usher in a new era of connectivity.
That's why it's essential for organisations to be
aware of its potential. As one of the key
building blocks that spearheads innovation,
industries should embrace this opportunity to
harness the power of Wi-Fi 7 to improve
communications, enhance customer
experience and streamline operations for
stakeholders and customers. NC
WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER 2023 31
NETWORKcomputing
@NCMagAndAwards

OPINION: ESM
ENGAGING AI FOR ENTERPRISE SERVICE MANAGEMENT
ENTERPRISE SERVICE MANAGEMENT IS MAKING AI-POWERED TEAMS A REALITY, ACCORDING TO
CULLEN CHILDRESS, SENIOR VICE PRESIDENT PRODUCT AT SOLARWINDS
This communications overload scenario
is the reality for most teams across
departments within an organisation.
However, the good news is that there is a
solution to streamline internal
communications, requests, and tasks.
Your employees probably feel like
robots. Just attempting to keep up in
our increasingly networked and
always-on world means an endless
barrage of alerts for the various
applications and technologies we use to
do our jobs.
Teams are more connected than ever,
but that actually may be limiting
productivity and collaboration. One study
found that employees already spend
nearly 30% of their time on email, leading
to high levels of stress and pressure to
respond to messages rather than focusing
on more substantial tasks.
While communication is key to
collaboration and creativity among teams,
especially in today's hybrid and remote
workforces, an overabundance of
communications is bogging down
employees' abilities to do their best work
and stifling creativity rather than
fostering it.
IT teams have long recognised the value
of IT Service Management (ITSM)
solutions in streamlining and improving
efficiency. These systems use AI to help
automate routine tasks, prioritise
requests, and provide self-service options
for employees. Instead of having a real
person do this alone, AI quickly supports
simple tasks such as automating service
ticket routing, leveraging virtual assistants
to answer frequently asked questions, and
developing an endless feedback loop to
enhance the end-user experience.
A recent survey of SolarWinds customers
found that its AI features in ITSM solutions
enabled IT teams to reduce the time to
resolve tickets by 24% and save an
average of 23 hours per week. These
benefits can now increasingly be
leveraged beyond IT teams with the move
to what is being called "Enterprise Service
Management," which enables other
departments to build their own AI-driven
ticket management system.
CLOSING THE COMMUNICATION
FLOODGATE
The expansion of Enterprise Service
Management (ESM) provides every
department across an organisation with
its own service portal, ticket management
system, and service catalogue. This
empowers HR, legal, marketing, sales,
and other departments to enjoy the same
increase in
efficiency and
productivity that IT teams
have seen for years. And with the
integration of AI into ESM services, it
further facilitates inter-departmental
cooperation, enabling the entire
organisation to enhance service delivery,
better manage requests, and speed up
workflows for better employee and
customer experiences.
Consider an HR department which plays
a pivotal role in an organisation's
success, from recruitment and
onboarding to benefits administration and
employee engagement. They are
frequently inundated with inquiries, from
leave requests to payroll issues and
everything in between. Traditional
communication channels like email,
phone calls, and instant messages often
result in bottlenecks and delays, leaving
HR departments struggling to keep up.
With an ESM system, HR departments
can transform their operations and
significantly reduce the need for email or
phone calls. For example, leave requests
32 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

OPINION: ESM
can be streamlined through the ESM
system. Employees could submit
requests through the portal, which
would then automatically route them for
approval to the appropriate managers,
with notifications and reminders built in.
This reduces the administrative burden
on HR and ensures that requests are
processed promptly, enhancing
employee satisfaction.
THE AI ADVANTAGE
The benefits of ESM get even better
with the integration of AI, which has
already proven it can be a powerful
tool for businesses. AI algorithms within
ESM can analyse data generated by
various requests and interactions,
providing valuable insights to all teams.
AI-powered ESM solutions can go
beyond just appropriately directing
ticket requests, for example, by
providing personalised responses based
on the employee's profile and past
interactions. AI will also be able to
identify trends in employee inquiries,
helping departments proactively
address common concerns and
improve company policies and
workflows. With the promise of AI, the
entire organisation is poised to become
more productive and efficient.
AI will have a profound impact on our
businesses and teams. But counter to
some concerns, we foresee this will free
up our teams' time for more impactful
work rather than mean a loss of jobs.
We can expect people to work
alongside their new AI "colleagues"
while taking on new roles that AI is not
suitable for, including increasingly
being able to use their human creativity
and ingenuity to innovate.
Organisations cannot afford to let
inefficient internal communications
slow their operations and creativity. It's
time to envision a workplace where
employees throughout the entire
organisation can dedicate their
attention to their substantive
responsibilities instead of being
overwhelmed by a flood of alerts and
notifications.
The future of work has arrived,
leading to unprecedented creativity,
innovation, and productivity, no matter
the size of your business or industry. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards NOVEMBER/DECEMBER 2023 NETWORKcomputing 33

OPINION: PROVIDERS
NECESSARY PROVISIONS
HAS ADAPTABILITY BECOME THE NEW BENCHMARK FOR AN
EFFECTIVE NETWORK? JUSTIN DAY, CEO AND FOUNDER OF
CLOUD GATEWAY, PROVIDES AN ANSWER
For businesses today, the significance of
maintaining a competitive advantage
and embracing technological
advancements can't be overstated. While the
past focus for IT professionals was on network
stability, today's challenges focus more on
network performance and the ability of
connectivity providers to keep up. It's no longer
acceptable for providers to be rigid and
unadaptable, and IT teams don't want to be
restricted to particular technologies and
circuits. But it isn't just proprietary technology -
this form of commercial inflexibility also
encompasses fixed costs, contact durations
and a whole host of other variables.
PROVISIONING FOR WHAT YOU NEED
If your company has experienced network
interruptions, erratic bandwidth or total
outages, you'll know only too well the
substantial risks they bring. These risks not
only include financial loss but also extend to
potential harm, reputational damage, data
loss, decreased productivity and diminished
customer satisfaction. Exploring advanced
networking solutions like Secure Access
Service Edge (SASE) can enhance operational
efficiency and bolster network resilience.
However, it's crucial to also evaluate the
flexibility on offer from your chosen
connectivity provider.
Be wary of committing to more bandwidth
than you currently require. Instead, look to start
with a volume that suits your present needs. If
a provider suggests an over-provisioning
strategy, persuading you to adopt larger
volumes and more connections up front, ask
yourself whether this truly benefits your
business. Often, the argument from the
provider is that it's more cost-effective to secure
more megabytes upfront, but this might not be
in your best interests.
The optimal approach involves scaling up
in alignment with your actual requirements,
when the time is right. Rather than investing
a significant portion of your budget into a
contingency plan. Consider partnering with
a provider who can offer flexibility and
collaborate with you to formulate the best
network strategy, allowing you to pay as
you grow.
NOT ALL NETWORKS ARE CREATED
EQUALLY
While it's advisable to choose a provider with
a solid track record, you should exercise
caution if you're confronted with lengthy
contracts and outdated technologies. Opting
for a larger, well-established provider can
sometimes mean getting locked into legacy
infrastructure which is yet to be modernised.
While a specific technology might meet your
current network requirements, it's essential to
consider the long-term. Will it adequately
adapt to the growing complexities of your
network and expanding infrastructure?
Additionally, it's sensible to approach service
credits with caution. Although they may appear
reasonable, they are often inadequately
negotiated and a challenge to manage. As
emphasised previously, network disruptions
can harm a business's reputation, finances and
overall performance. Before finalising any
agreement, evaluate whether the service
credits proportionately compensate the
potential loss of value to your business if you
do experience downtime. Ask yourself whether
the service is primarily focused on remedying
issues after they occur or on proactively
preventing them from happening.
WHAT DOES VALUE MEAN TO YOUR
BUSINESS?
Alongside price, you should also prioritise
value when selecting your connectivity provider
and network technology. Undoubtedly, cost is
a significant factor in the decision, with pricing
varying considerably based on speed, capacity,
and connection type. However, it's important to
reflect on what value truly means to your
organisation. Is it centred around adopting a
cloud-like approach? Can you easily scale to
meet your evolving requirements? Does the
contract offer flexibility through terms and coterming,
allowing you to align existing and new
services with the original contract dates?
Ultimately every business is unique, and there
is no universal connectivity solution that fits all
needs. For this reason, seek out a provider
capable of offering a diverse range of
technologies and services. The right provider
will assess your IT, financial and operational
requirements and suggest the most appropriate
technology to address your specific needs,
rather than your perceived need. Maintaining
flexibility in your network infrastructure is not
only about adapting to changes efficiently but
also possessing the commercial agility required
to embrace new opportunities and fulfil
evolving expectations. NC
34 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK

COMING SOON
THE 2024 NETWORK COMPUTING AWARDS
Once again, we will be asking you- the readers of Network Computing - to put
forward the people, the products and the companies that have most impressed
you. Look out for more details in the new year.
WWW.NETWORKCOMPUTINGAWARDS.CO.UK
ATTENTION VENDORS:
Have you got what it takes to impress our Judges? It's never too early to put
yourselves in contention. Book your solutions in to be independently reviewed
for Network Computing and they will be shortlisted for the BENCH TESTED
PRODUCT OF THE YEAR. Additionally, we invite you to submit your customer
success stories for the NETWORK PROJECT OF THE YEAR.
There are also opportunities to get involved with
the Awards as a sponsor.
Contact: dave.bonner@btc.co.uk